Re: Java applet security, exportability, Jon Postel haiku

Eric Rescorla (ekr@rtfm.com)
Tue, 27 Oct 1998 15:30:06 -0800

• Next message: Homayoun Saleh: "looking for papers"
• Previous message: Anonymous: "Re: Java applet security, exportability, Jon Postel haiku"
• Maybe in reply to: David R. Conrad: "Java applet security, exportability, Jon Postel haiku"
• Next in thread: Mark Tillotson: "Re: Java applet security, exportability, Jon Postel haiku"
• Reply: Mark Tillotson: "Re: Java applet security, exportability, Jon Postel haiku"

> > secrets that have long (10 plus years) lifetimes, claiming that it's
> > not strong enough to keep your kid sister out is ridiculous.
>
> I was trying to impress upon the reader that demanding only 2^80 work for
> your secrets is a bad idea. I agree that cracking KEA or DH with 160-bit
> exponents is currently infeasible for those kid sisters not blessed with
> lots and lots of time to spare (although the matter may be quite different
> when dealing with Big Brothers :).
>
> (BTW, I think a bigger threat than that of an *adversary* building a key
> cracker is that of an independent organization building one optimized for
> bulk cracking and using it in a keys-for-fees operation; it'd result in
> lower prices for individual keys and make enough money for the builders
> that other key crackers would spring up, and if the dance of supply and
> demand goes as I expect, it's time for those 128-, 192-, and 256-bit
> keys...)
Huh? Extending the calculation makes it perfectly clear that
128 bit keys are long enough for just about any foreseeable future.
128 bit keys are 72 bits stronger than a DES key. 72 bits is
approx 10^21. Now, imagine an attacker with the entire GNP
of the US (ca. $5x10^12) available to him. That means he can
build a machine that's say 10^7 times more powerful than
Deep Crack. Consequently, he'd be able to crack a 128 bit in
approximately 10^14 days, or 10^11 years. I'm not worried.

Now, consider a key for fee operation. Again, we use Deep Crack
and $100K as a baseline. Assume the machine has an operational
lifetime of 5 years and it can crack a key every 3 days. That's
roughly 500 keys over the lifetime of the machine, or $200/key.
Now, the cost for an 80 bit key is 2^24 (10^7) * $200 or
$10^9/key. That's a billion dollars.

Look, I'm all for using fairly large keys, but the sort of
simpleminded alarmism you're engaging in gets in the way of
understanding how strong our cryptosystems actually are.
Please do the math before you go ranting about how weak
or strong things are.

-Ekr

[Eric Rescorla ekr@rtfm.com]

• Next message: Homayoun Saleh: "looking for papers"
• Previous message: Anonymous: "Re: Java applet security, exportability, Jon Postel haiku"
• Maybe in reply to: David R. Conrad: "Java applet security, exportability, Jon Postel haiku"
• Next in thread: Mark Tillotson: "Re: Java applet security, exportability, Jon Postel haiku"
• Reply: Mark Tillotson: "Re: Java applet security, exportability, Jon Postel haiku"