Re: Java applet security, exportability, Jon Postel haiku

Anonymous (nobody@replay.com)
Wed, 28 Oct 1998 00:11:43 +0100

• Next message: Eric Rescorla: "Re: Java applet security, exportability, Jon Postel haiku"
• Previous message: Dave Del Torto: "anonymous Java thin client"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"
• Next in thread: Eric Rescorla: "Re: Java applet security, exportability, Jon Postel haiku"
• Reply: Eric Rescorla: "Re: Java applet security, exportability, Jon Postel haiku"

> While it's true that 80 bits probably isn't strong enough to protect
> secrets that have long (10 plus years) lifetimes, claiming that it's
> not strong enough to keep your kid sister out is ridiculous.

I was trying to impress upon the reader that demanding only 2^80 work for
your secrets is a bad idea. I agree that cracking KEA or DH with 160-bit
exponents is currently infeasible for those kid sisters not blessed with
lots and lots of time to spare (although the matter may be quite different
when dealing with Big Brothers :).

(BTW, I think a bigger threat than that of an *adversary* building a key
cracker is that of an independent organization building one optimized for
bulk cracking and using it in a keys-for-fees operation; it'd result in
lower prices for individual keys and make enough money for the builders
that other key crackers would spring up, and if the dance of supply and
demand goes as I expect, it's time for those 128-, 192-, and 256-bit
keys...)

>
> Thanks to the EFF DES cracking effort we've got a real good idea for
> a lower bound on how strong 80 bits is.[1] A 56 bit machine costs
> order $250K (let's assume $100K since the design effort is already
> done) and can crack a 56 bit key in 3 days. Such a machine could
> crack an 80 bit key in, oh, 100,000 years. So, let's say we were
> willing to put 100 million into it, then we'd be able to get
> it in 100 years. I don't know about you, but my kid sister
> doesn't have that kind of pocket change floating around.
>
> Now, in 10 years, a machine built for the same price will be
> able to do the job in a year or so. Then we'll have something
> to worry about.
>
> -Ekr
>
> [1] Yes, I know I'm assuming that the basic operation here is
> no faster than a trial DES key. However, I believe this is a
> fairly safe assumption.
>
> --
> [Eric Rescorla ekr@rtfm.com]

• Next message: Eric Rescorla: "Re: Java applet security, exportability, Jon Postel haiku"
• Previous message: Dave Del Torto: "anonymous Java thin client"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"
• Next in thread: Eric Rescorla: "Re: Java applet security, exportability, Jon Postel haiku"
• Reply: Eric Rescorla: "Re: Java applet security, exportability, Jon Postel haiku"