[Cryptography] Encryption opinion

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Aug 17 08:29:04 EDT 2014


ianG <iang at iang.org> writes:

>b.  RSA 1024 is considered a weak length these days.  But it still depends on
>"against whom?"

It's the old "what's your threat model" again.  RSA-512 is still in active
use, and in many situations it's perfectly secure.  Consider one real-life
example that I ran into a few years back, a company was using embedded print
servers with access secured via 512-bit RSA keys (the hardware couldn't really
manage much more than that) across a number of their business locations.  Now
if you look at what that entails in terms of security, it means that an
attacker who has already penetrated their internal network (full of machines
containing business-sensitive data, payroll information, trade secrets, and so
on) who ignores all of this and instead decides to attack the RSA key on one
of the print servers, now has the ability to turn off toner savings on the
printers, and change the page size from US Letter to A4.  RSA-512 was
perfectly adequate for what they were using it for, which was to keep random
gefingerpokers from messing up the printer settings.

If they'd followed the NIST guidelines, they'd have had to scrap all of their
print servers and replace them, at considerable cost in terms of time and
money, with new ones that provided no benefit over the existing ones.

Another example of this occurs with online commerce.  Turn off every cipher in
your browser except single DES (I'm not sure if you can still enable RC4/40)
and go to your bank and transfer some funds, or go to eBay and buy something.
Watch the complete lack of anything that arises from this.

Peter.


More information about the cryptography mailing list