[Cryptography] "How Long Will Unbreakable Commercial Encryption Last?"

Tom Mitchell mitch at niftyegg.com
Sun Sep 22 23:36:55 EDT 2019 

On Sun, Sep 22, 2019 at 3:27 PM Phillip Hallam-Baker <phill at hallambaker.com>
wrote:

> On Sat, Sep 21, 2019 at 10:54 PM John Levine <johnl at iecc.com> wrote:
>
>> In article <2CCE423E-F119-4FBA-9396-AD0C323FED3B at lrw.com> you write:
>> >
>> https://www.lawfareblog.com/how-long-will-unbreakable-commercial-encryption-last
>> >
>> >The article is by Stewart Baker, who's been involved in this debate for
>> a very long time.
>>
>> It's certainly worth reading but I wouldn't take it at face value.
>> Baker was a big fan of the Clipper chip (see
>> https://www.wired.com/1994/06/nsa-clipper/) and I don't get the
>> impression that his positions have changed much in the subsequent 25
>> years.
>>
>
> I find it really difficult to believe that there will be governments in
> the EU that are strong enough to push through such a ban in the next
> decades. The UK Tory party has just split and will quite probably not form
> another administration in our lifetime. It is highly unlikely that there
> will be any single party government in a major European country for the
> next decade or more.
>

For a  moment I thought this was in reference to a recent news
blurb  "Crown Sterling Claims to Factor RSA
announced that they "decrypted two 256-bit asymmetric public keys in
approximately 50 seconds from
a standard laptop computer." Really. They did."  It got sliding traction on
Twitter and
Schneier on Security in the last week.

It reminded me that key length in a pub/priv pair is visible and obvious.
Policing via key length is possible.  Large clusters and Quantum machines
are putting decryption in the hands of those with cash and focus.

Smart phones access and control more and more money.  Money will keep the
local hand held 'bank' station secure.
Should a bank credentials be cracked the impact is billions not my
thousands.  You and I connect to our bank and that
key is the key to this topic.  My short key and banks long key... will keep
half the message content secret.  Bootstrapping
will pull even longer keys into the mix.

Andrew Yang (running for pres) has made a thing about it.
https://twitter.com/AndrewYang/status/1175200727385464832?s=20 <-- politics
trumps reality
"Google’s announcement that it has achieved “quantum supremacy” with a
[GROWING]-qubit quantum computer

The bit about going dark is a reflection on how bright things were recently
and they do not
want to relinquish this... We had wiretaps on Al Capone.
https://www.npr.org/templates/transcript/transcript.php?storyId=138889467

There is a considerable amount of concern about the power that Google,
> Facebook, etc. have acquired. But that is in relation to their
> custodianship of information that has little if anything to do with
> cryptography. It is the use of Deep Learning etc. to uncover information
> that society assumes to be private that is of concern.
>

The issues of big data and elections is a nightmare. As an experiment I
registered for a party different than my spouse.
The information I get and the information she gets shares no common data or
message.  In fact it is all spun into messages that
have no footnotes pointing to facts.  Including who sends most of it.   I
am going to make a couple of Twitter accounts to see what
I can see by following different sets of individuals and groups.   The
snail mail often arrives well past time for mail in ballots.   Encryption
flaws and omissions that allow insertion of content in the last mile is the
digital risk ... eliminating net neutrality rules can facilitate very
targeted  and biased communications.

So back on track:
Q: "How Long Will Unbreakable Commercial Encryption Last?"

SWAG:  For some encryption codes and key lengths  about 10 years for
government resources that can afford multiple Q machines perhaps less.  If
you bet your life,  key lengths need to be durable for the life of an
individual.
Bit-coin keys can be replaced by transferring all the value from key-short
to key-new.

Codes and key lengths known to be quantum durable may endure a lot longer.
Data at rest needs key length increases for every 5 years it needs to be
secret.  "RSA claims that 1024-bit keys are likely to become crackable some
time between 2006 and 2010 and that 2048-bit keys are sufficient until
2030. The NIST recommends 2048-bit keys for RSA. An RSA key length of 3072
bits should be used if security is required beyond 2030."
Key size - Wikipedia <https://en.wikipedia.org/wiki/Key_size>



LIMITATIONS:  These break through machines will not have easy access and
the cadre of operators, programmers and agenda setters will hearken back to
the 50's and 60's  where money controlled limited access.  Then budgets for
hardware ~$2,370,000 in 1964 dollars for then state of the art hardware now
looks like $40,000,000 today so when breakthrough machines hit 40 Million
it will get interesting and in the reach of series B startup class
projects.

Real time big brother listening hmmm... The Tesla Van parked near a phone
exchange box will be the anonymous listening van.
The BBC hit a wall with their listening vans as receivers used less and
less power and the IF had to be shielded more and more to be reliable.
Real time listening is likely gone forever and the ability to decrypt
captured and archived message traffic  more limited by legal process than
anything.















-- 
          T o m    M i t c h e l l ( o n   N i f t y E g g )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20190922/32edb585/attachment.htm>

More information about the cryptography mailing list