Trillian Secure IM

Andrew Odlyzko odlyzko at dtc.umn.edu
Sat Oct 13 18:28:07 EDT 2007 

To add to the reference, a preprint is available online at

  http://www.dtc.umn.edu/~odlyzko/doc/arch/prime.discrete.logs.pdf

A companion paper that was used crucially in the solution, "Solving
large sparse linear systems over finite fields," pp. 109-133 in  
"Advances in Cryptology - CRYPTO '90," A. J. Menezes and S. A. Vanstone 
(eds.), Springer Verlag, Lecture Notes in Computer Science #537 (1991)
is available at

  http://www.dtc.umn.edu/~odlyzko/doc/arch/sparse.linear.eqs.pdf

Andrew Odlyzko, http://www.dtc.umn.edu/~odlyzko

   


  > On Fri Oct 12, Steve Bellovin wrote:

  On Thu, 11 Oct 2007 21:50:06 -0700
  Bill Stewart <bill.stewart at pobox.com> wrote:

  > 
  > > > | Which is by the way exactly the case with SecureIM. How
  > > > | hard is it to brute-force 128-bit DH ? My "guesstimate"
  > > > | is it's an order of minutes or even seconds, depending
  > > > | on CPU resources.
  > 
  > Sun's "Secure NFS" product from the 1980s had 192-bit Diffie-Hellman,
  > and a comment in one of the O'Reilly NFS books says that
  >          "However, by 1990, advances in RISC processors produced
  >          workstation machines that could, by brute force,
  >          derive the private key from any public key in under a day."
  > but that in 1987 there were still a lot of Motorola 68010 machines
  > that took several minutes to generate keys so they didn't want it
  > longer. I'm guessing that a 1990 RISC machine was around 50 MIPS,
  > so it's maybe 1/100 the speed of a modern single-core CPU.
  > 
  > 128-bit DH sounds like as good a decision as using 40-bit RC4 keys
  > would be today.
  > 
  It wasn't just brute force, it was math.

  @Article{         nfscrack, 
    author        = {Brian A. LaMacchia and Andrew M. Odlyzko},
    journal       = {Designs, Codes, and Cryptography},
    pages         = {46--62},
    title         = {Computation of Discrete Logarithms in Prime Fields},
    volume        = {1},
    year          = {1991},
    annote        = {Describes how the authors cryptanalyzed Secure RPC.}
  }



  		--Steve Bellovin, http://www.cs.columbia.edu/~smb

  ---------------------------------------------------------------------
  The Cryptography Mailing List
  Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list