Has there been a change in US banking regulations recently?
Steven Bellovin
smb at cs.columbia.edu
Mon Aug 16 09:30:48 EDT 2010
On Aug 15, 2010, at 1:17 30PM, Peter Gutmann wrote:
> Ray Dillinger <bear at sonic.net> writes:
>> On Fri, 2010-08-13 at 14:55 -0500, eric.lengvenis at wellsfargo.com wrote:
>>
>>> The big drawback is that those who want to follow NIST's recommendations
>>> to migrate to 2048-bit keys will be returning to the 2005-era overhead.
>>> Either way, that's back in line with the above stated 90-95% overhead.
>>> Meaning, in Dan's words "2048 ain't happening."
>>
>> I'm under the impression that <2048 keys are now insecure mostly due to
>> advances in factoring algorithms
>
> Insecure against what?
Right -- who's your enemy? The NSA? The SVR? Or garden-variety cybercrooks?
> Given the million [0] easier attack vectors against
> web sites, which typically range from "trivial" all the way up to "relatively
> easy", why would any rational attacker bother with factoring even a 1024-bit
> key, with a difficulty level of "quite hard"? It's not as if these keys have
> to remain secure for decades, since the 12-month CA billing cycle means that
> you have to refresh them every year anyway.
That depends on what you're protecting. If it's the 4-digit PIN to billion-zorkmid bank accounts, the key needs to remain secure for many years, given how seldom PINs are changed.
> Given both the state of PKI and
> the practical nonexistence of attacks on crypto of any strength because it's
> not worth the bother, would the attackers even notice if you used a 32-bit RSA
> key? How would an adversary effectively scale and monetise an attack based on
> being able to break an RSA key, even if it was at close to zero cost?
>
> The unfortunate effect of such fashion-statement crypto recommendations as
> "you must use 2K bit keys, regardless of the threat environment" is that what
> it actually says is "you must not use SSL on your web site". "Le mieux est
> l'ennemi du bien" strikes again.
>
>
Yup.
>
> [0] Figure exaggerated slightly for effect.
But only slightly exaggerated...
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com