On Apr 22 2009, Shane Kerr wrote:

> Paul Hoffman wrote:
>> At 10:07 PM +0200 4/21/09, Shane Kerr wrote:
>> [...]
>>> The same RSA-cracker that our evil-doers dropped $10 million on to hack
>>> web SSL will work nicely for RSA DNSSEC, thanks!
>>
>> You're welcome. :-) Of course it will. It will also work on all other 1024-bit
>> keys. If you believe that your DNSSEC key is worth more to an attacker than
>> those other keys, then you should use a larger key. Nothing special here.
>
> You seem to think that because there are higher-value targets nobody
> would ever bother to attack a 1024-bit DNSSEC key. My point is that once
> the investment has been made to attack SSL certificates, the tools can
> just as easily be used for DNSSEC.
>
> So rather than feel safe because someone else is a nicer target, we
> should worry because cracking technology reduces the safety of all keys.

There are *two* cost figures involved in the hypothetical cracking.
There is the setup cost of the equipment, to which the $10 million refers,
and the incremental cost of cracking a particular key, even if the latter
is just "how long do I have to dedicate my $10 million equipment to
cracking this particular key?".
The right model is probably "how much do we have to charge Black Hat, Inc.
per key we crack for them, to make a decent profit?".

--
Chris Thompson
Email: [email protected]

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
