[Cryptography] Encryption opinion
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Aug 15 02:39:20 EDT 2014
Jorge Perdomo <jp at gotenna.com> writes:
>We launched publicly a few weeks ago with the plans of using 1024-bit RSA for
>our encryption, but have received a lot of complaints from people telling us
>that RSA wasn't safe and whatnot. I'm not an expert, but through our
>research we felt like 1024RSA for a 160 character text message was plenty
>strong, but we could be wrong.
Yep, it should be fine for what you're using it for. The problem that you're
running into here is one of marketing, not security. People will happily use
a platform crawling with random third-party apps, plugins, and (frequently)
malware for their "secure" messaging, but tell them you're using keys that
don't make the appropriate fashion statement and they'll scream bloody murder.
See "The Curse of Cryptography Numerology",
http://iang.org/ssl/grigg-gutmann-cryptographic-numerology.pdf.
>Our team has started looking into other options, and we found some kind of
>elliptic curve cryptography that seems like it would be stronger, while also
>keeping our packet sizes as small as possible (critical!). Before we start
>building any of this custom though, I was hoping we might be able to get the
>opinion of some of your in the cryptography community.
Unfortunately, the opinion of the (technical) crypto community doesn't count
for much when you're going up against a fashion statement. Announce a new
release, with the crypto designed by Oscar Zoroaster Digg, and mention either
a key size of 2048 bits or greater or the use of ECC (key size doesn't matter,
just "ECC" is fine).
(This then runs into a second problem, that ECC is incredibly brittle and easy
to get wrong, so you're probably going to be less secure with ECC than RSA.
Depends on whether you're more concerned about actual security or marketing
security).
Another option is to challenge anyone who questions a 1024-bit key to describe
how they'd attack it (with a breakdown of resources needed, computing times,
etc). Unfortunately I think this is a battle you can't win, you can't fight
fashion/numerology with logic.
Peter.
More information about the cryptography
mailing list