Question about key size (Was: [ale] ALE PGP Keysigning Party Instructions)
Michael H. Warfield
mhw at wittsend.com
Tue Jan 14 15:46:08 EST 2003
On Tue, Jan 14, 2003 at 03:23:13PM -0500, Jeff Hubbs wrote:
> I would think that this $1B estimate assumes that you're starting from
> nothing; a government intending to do such a thing would already have at
> least some of the ground covered. Also, I'm fairly sure that it
> wouldn't take $1B PER KEY.
It's also a WAG (Wild Ass Guess) on Bernstien's part as to whether
the factoring engine he described could be built (at all) and at what cost.
You also have to take into account how LONG it would take to
crack a key. I don't think that quote was for an engine that would
crack a 1024 bit key every second. Even if you could crack one 1024 bit
key per day (lots of luck) that still amounts to about $3M per key amortized
across the first year of use, and you only get 365 keys. I also don't
think that cost factor included the NRE (Non Recoverable Engineering)
cost but would be $1B per machine once you figured out how to make it.
The initial cost would probably be much higher and the initial engines
much less efficient. He made several assumptions about what this
hypothetical silicon could do and those assumptions have been roundly
questioned and critizised over the last year. I think the concesous
from Bruce Schneier and other respected cryptographers was that the
engine still isn't practical from and engineering standpoint but
that the theorical work was worth watching.
Considering the last embarrasments when the CIA computers
melted down when the overloaded, I would also say that the Government
not only does not have "at least some of the ground covered", I would
have to say they have "more ground to cover" in order to overcome
much of their established inertia and established infrastructure. No
help from existing stuff that's already overloaded, obsolete, and
still not providing a justifiable return on investment.
> -Jeff
> On Tue, 2003-01-14 at 13:42, Jason Day wrote:
> > On Tue, Jan 14, 2003 at 09:04:27AM -0700, Chris Ricker wrote:
> > > Do you encrypt anything with that 1024-bit key that's worth $1 billion to
> > > someone to crack? If not, don't worry about it yet.
> >
> > Well no, but that's not the point. If 1024-bit keys can in fact be
> > brute-forced with $1B, then it's safe to assume that the US government,
> > at the very least, can read any message encrypted with a 1024-bit key.
> >
> > I'm not bringing this up because I have something to hide, but because I
> > see little point in encrypting anything if it can be broken at will by
> > anyone with enough money.
> >
> > I'm not a crypto or math expert, so I don't know if Berstein is just
> > blowing smoke or not. I also don't know what the ramifications of using
> > a larger key are. Since no one has signed my key yet, but I'm planning
> > to attend the keysigning party, *now* is the time to worry about it.
> > --
> > Jason Day jasonday at
> > http://jasonday.home.att.net worldnet dot att dot net
> >
> > "Of course I'm paranoid, everyone is trying to kill me."
> > -- Weyoun-6, Star Trek: Deep Space 9
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
PGP signature
More information about the Ale
mailing list