Re: quantum chip built

2006-01-17 Thread Michael Cordover
John Denker wrote: [EMAIL PROTECTED] wrote: From what I understand simple quantum computers can easily brute-force attack RSA keys or other types of PK keys. My understanding is that quantum computers cannot easily do anything. Au contraire, quantum computers can easily perform prime

Re: quantum chip built

2006-01-17 Thread Mads Rasmussen
Steven M. Bellovin wrote: http://www.wired.com/news/technology/0%2c70001-0.html?tw=wn_tophead_5 They seems to have built a device which can store one qubit, isolated from the rest of the world. They seem to be able to scale up their technique to store many qubits, but I strongly suspect

Re: long-term GPG signing key

2006-01-17 Thread Werner Koch
On Thu, 12 Jan 2006 00:48:05 -0600, Travis H said: All it really does is crudely limit the quantity of data sent under that key, which is little to none anyway. And it has the advantage that people will stop sending encrypted mail to this key after the expiration date. Comes handy if you

RE: long-term GPG signing key

2006-01-17 Thread Trei, Peter
Alexander Klimov wrote: On Wed, 11 Jan 2006, Ian G wrote: Even though triple-DES is still considered to have avoided that trap, its relatively small block size means you can now put the entire decrypt table on a dvd (or somesuch, I forget the maths). This would need 8 x 2^{64} bytes of

Re: long-term GPG signing key

2006-01-17 Thread Guus Sliepen
On Sat, Jan 14, 2006 at 12:30:25PM -0700, Anne Lynn Wheeler wrote: Guus Sliepen wrote: By default, GPG creates a signing key and an encryption key. The signing key is used both for signing other keys (including self-signing your own keys), and for signing documents (like emails). However,

Re: long-term GPG signing key

2006-01-17 Thread Anne Lynn Wheeler
Guus Sliepen wrote: It depends on how it is used. For example, when I sent this email, I typed in the passphrase of my PGP key, authorising GnuPG to create a signature for this email. This comes very close to human signing. I read, understood, approve etc. with the contents of this email.

Echelon papers leaked

2006-01-17 Thread Peter Gutmann
In 1996, New Zealander Nicky Hager wrote a book Secret Power containing a great deal of information on Echelon, with a particular NZ perspective. A few days ago, papers held by the Prime Minister of the time were accidentally released and appeared in the Sunday Star Times. Some quotes from the

Re: long-term GPG signing key

2006-01-17 Thread Ian Brown
Travis H. wrote: Why the heck am I expiring encryption keys each year? Anyone who records the email can crack it even if the key is invalid by then. All it really does is crudely limit the quantity of data sent under that key, which is little to none anyway. If your threat model includes

RE: quantum chip built

2006-01-17 Thread Whyte, William
From what I understand simple quantum computers can easily brute-force attack RSA keys or other types of PK keys. Is ECC at risk too? And are we at risk in 10, 20 or 30 years from now? Quantum computers break RSA, cryptosystems based on discrete log over finite fields, and cryptosystems

NY Times reports that spy program is not narrowly targeted

2006-01-17 Thread Perry E. Metzger
According to President Bush, the illegal NSA domestic espionage program he ordered was narrowly targeted against people known to have Al Qaeda links. However, it appears that, as with his previous false claims that espionage only happened with a warrant, that this claim was on its face untrue:

standards being adopted for encrypting stored data

2006-01-17 Thread Steven M. Bellovin
http://www.networkworld.com/news/2005/121505-tape-encryption.html Proposed standards for protecting data on disk or tape are gathering steam within the IEEE and could be supported in products as soon as next year, according to proponents. --Steven M. Bellovin,

Re: quantum chip built

2006-01-17 Thread bear
On Sat, 14 Jan 2006, Michael Cordover wrote: In order to factor a 1024 bit modulus you'd need a 1024 bit QC. Perhaps if there were some sudden breakthrough it'd be a danger in a decade - but this is the same as the risk of a sudden classical breakthrough: low. This is not necessarily so.