On 2010-08-17 3:46 PM, Jonathan Katz wrote:
Many on the list may already know this, but I haven't seen it mentioned
on this thread. The following paper (that will be presented at Crypto
tomorrow!) is most relevant to this discussion:
"Factorization of a 768-bit RSA modulus",
http://eprint.iacr.or
On 2010-08-15 7:59 AM, Thor Lancelot Simon wrote:
Indeed. The way forward would seem to be ECC, but show me a load balancer
or even a dedicated SSL offload device which supports ECC.
For sufficiently strong security, ECC beats factoring, but how strong is
sufficiently strong? Do you have any
On Tue, 17 Aug 2010, Steven Bellovin wrote:
They also suggest that a 3-4 year phase-out of 1024-bit moduli is the proper
course.
Note that this is because they take into consideration that secrets have
to be unbreakable for decade(s), which is not the case for all uses of
RSA. For example in
Forwarded at Andrew's request.
Original Message
Subject: Re: 2048-bit RSA keys
Date: Tue, 17 Aug 2010 19:11:55 -0500 (CDT)
From: Andrew Odlyzko
To: Samuel Neves
CC: cryptography@metzdowd.com
It is not unreasonable to consider the possibility of
algorithmi
On Aug 17, 2010, at 5:19 10PM, Samuel Neves wrote:
> On 17-08-2010 21:42, Perry E. Metzger wrote:
>> On Tue, 17 Aug 2010 22:32:52 +0200 Simon Josefsson
>> wrote:
>>> Bill Stewart writes:
>>>
Basically, 2048's safe with current hardware
until we get some radical breakthrough
like
On 18/08/10 3:46 AM, Peter Gutmann wrote:
> Alexander Klimov writes:
>
>> Each real-time check reveals your interest in the check. What about privacy
>> implications?
>
> (Have you ever seen a PKI or similar key-using design where anyone involved in
> speccing or deploying it genuinely cares abou
On 17-08-2010 21:42, Perry E. Metzger wrote:
> On Tue, 17 Aug 2010 22:32:52 +0200 Simon Josefsson
> wrote:
>> Bill Stewart writes:
>>
>>> Basically, 2048's safe with current hardware
>>> until we get some radical breakthrough
>>> like P==NP or useful quantum computers,
>>> and if we develop hard
On Aug 16, 2010, at 9:19 49PM, John Gilmore wrote:
>> who's your enemy? The NSA? The SVR? Or garden-variety cybercrooks?
>
> "Enemy"? We don't have to be the enemy for someone to crack our
> security. We merely have to be in the way of something they want;
> or to be a convenient tool or fo
On Aug 17, 2010, at 4:20 AM, Peter Gutmann wrote:
Your code-signing system should create a tamper-resistant audit trail [0]
of every signature applied and what it's applied to.
Peter.
[0] By this I don't mean the usual cryptographic Rube-Goldbergery, just log
the details to a separate
On Tue, 17 Aug 2010 22:32:52 +0200 Simon Josefsson
wrote:
> Bill Stewart writes:
>
> > Basically, 2048's safe with current hardware
> > until we get some radical breakthrough
> > like P==NP or useful quantum computers,
> > and if we develop hardware radical enough to
> > use a significant fracti
Bill Stewart writes:
> Basically, 2048's safe with current hardware
> until we get some radical breakthrough
> like P==NP or useful quantum computers,
> and if we develop hardware radical enough to
> use a significant fraction of the solar output,
> we'll probably find it much easier to eavesdrop
On Tue, Aug 17, 2010 at 1:46 AM, Joseph Ashwood wrote:
>
> The storage required for 2048 is approximately 2^64 bytes...
>
And from the density (1TB per cubic inch) in US Patent Application
20090094406, that gives about 70,000 gallons of memory or about 14 of
my father-in-law's average sized backya
I sent an email asking for technical information several months ago
and did not receive a response. The FAQ says "the Haystack client
connects to our servers which in turn talk to websites on behalf of
our users" and "from a user's point of view, Haystack appears to be a
normal HTTP proxy". There i
On Tue, 17 Aug 2010 15:04:00 +0300 Alexander Klimov
wrote:
> On Sat, 31 Jul 2010, Perry E. Metzger wrote:
> > There is no rational reason at all that someone should "endorse" a
> > key when it is possible to simply do a real time check for
> > authorization. There is no reason to sign a key when y
Alexander Klimov writes:
>Each real-time check reveals your interest in the check. What about privacy
>implications?
What about them?
(Have you ever seen a PKI or similar key-using design where anyone involved in
speccing or deploying it genuinely cares about privacy implications? Not only
hav
On Sat, 31 Jul 2010, Perry E. Metzger wrote:
> You are still following the same model that has failed over and over
> and over again. "Endorsing" keys is the same "we have no internet,
> so we rely on having big books to tell us whether a person's credit
> card was stolen" model.
>
> There is no ra
A quick followup note on this, I was reading Microsoft's code-signing best
practices document and one comment caught my eye:
If code is signed automatically as part of a build process, it is highly
recommended that any code that is submitted to that build process be
strongly authenticated.
The mainstream press is full of discussion for a new program,
Haystack, developed by a guy named Austin Heap and sponsored by the
Censorship Research Center as a new kind of secure proxy. See http://www.haystacknetwork.com/faq/
for some information.
As described, the program relies on some
FAIR DISCLOSURE: I am the inventor of some of the technology quoted,
specifically US Patent Application 20090094406. And just to plug myself even
more, yes the technology is for sale.
--
From: "Bill Stewart"
Subject: Re: 2048-bit RSA keys
At 01
On Sun, 15 Aug 2010, Paul Hoffman wrote:
At 9:34 AM -0700 8/15/10, Ray Dillinger wrote:
I'm under the impression that <2048 keys are now insecure mostly due
to advances in factoring algorithms that make the attack and the
encryption effort closer to, but by no means identical to, scaling
with t
> who's your enemy? The NSA? The SVR? Or garden-variety cybercrooks?
"Enemy"? We don't have to be the enemy for someone to crack our
security. We merely have to be in the way of something they want;
or to be a convenient tool or foil in executing a strategy.
Given the prevalence of Chinese c