[48875] in Cypherpunks
Re: Crypto-smart-card startup Inside Technologies
daemon@ATHENA.MIT.EDU (Peter Monta)
Thu Feb 1 00:42:33 1996
To: cypherpunks@toad.com
In-Reply-To: Your message of "Wed, 31 Jan 1996 20:47:07 PST."
<m0thqvv-00092XC@pacifier.com>
Date: Wed, 31 Jan 1996 21:41:19 -0800
From: Peter Monta <pmonta@qualcomm.com>

jim bell <jimbell@pacifier.com> writes:
> > [ Inside Technologies ]
> > ..."In public-key cryptography, 512-bit keys are typical and
> > already vulnerable. So we are looking at 640-bit-long keys
> > supported by a scalable design."
>
> This kind of thing disgusts me. We already know 512-bit keys are weak. As
> I recall, I was told that 512 bit keys could be cracked in 20,000
> MIPS-years. If the ballpark formula holds that adding 10 bits doubles the
> security, that merely means that 640 bits is 2**(128/10) or 8000 times as
> strong. While obviously better than 512, it is not ENOUGH better to make me
> confident that this is a long-term secure length. 768 or 1024 bits should
> be considered the minimum. A deliberate design of 640 bits makes it look
> like it's intended to be crackable in 5-10 years, much as DES was suspected
> of a similar design decision in limiting its keylength to 56 bits.

But the "scalable design" presumably means the hardware can deal
with a variety of modulus lengths. As you say, they would be
short-sighted to make a fixed choice.

Peter Monta pmonta@qualcomm.com
Qualcomm, Inc./Globalstar