Trillian Secure IM
Steven M. Bellovin
smb at cs.columbia.edu
Fri Oct 12 14:18:39 EDT 2007
On Thu, 11 Oct 2007 21:50:06 -0700
Bill Stewart <bill.stewart at pobox.com> wrote:
>
> > > | Which is by the way exactly the case with SecureIM. How
> > > | hard is it to brute-force 128-bit DH ? My "guesstimate"
> > > | is it's an order of minutes or even seconds, depending
> > > | on CPU resources.
>
> Sun's "Secure NFS" product from the 1980s had 192-bit Diffie-Hellman,
> and a comment in one of the O'Reilly NFS books says that
> "However, by 1990, advances in RISC processors produced
> workstation machines that could, by brute force,
> derive the private key from any public key in under a day."
> but that in 1987 there were still a lot of Motorola 68010 machines
> that took several minutes to generate keys so they didn't want it
> longer. I'm guessing that a 1990 RISC machine was around 50 MIPS,
> so it's maybe 1/100 the speed of a modern single-core CPU.
>
> 128-bit DH sounds like as good a decision as using 40-bit RC4 keys
> would be today.
>
It wasn't just brute force, it was math.
@Article{ nfscrack,
author = {Brian A. LaMacchia and Andrew M. Odlyzko},
journal = {Designs, Codes, and Cryptography},
pages = {46--62},
title = {Computation of Discrete Logarithms in Prime Fields},
volume = {1},
year = {1991},
annote = {Describes how the authors cryptanalyzed Secure RPC.}
}
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list