[49565] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Report available: "Minimal Key Lengths for Symmetric Ciphers"

daemon@ATHENA.MIT.EDU (Richard J. Coleman)
Thu Feb 8 20:04:58 1996

To: cypherpunks@toad.com
In-Reply-To: Your message of "Thu, 08 Feb 1996 10:28:27 EST."
             <199602081528.KAA11525@light.lightlink.com> 
Date: Thu, 08 Feb 1996 19:57:37 -0500
From: "Richard J. Coleman" <coleman@math.gatech.edu>

> I downloaded this so-called "report". It doesn't even mentions PGP.
> Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA)
> want you to only use 90 bits for your keys and why they've never heard
> of PGP...
> 
> Anyone who listens to crypto advice from people who's purpose in life
> is to listen to *YOU* gets what they deserve. I'll stay with PGP which
> has a 2048 bit key.

The group of 7 in question are definitely not `wannabes'.  They are
about as knowledgeable a group as you could find outside of the NSA.

The report discussed the length of key needed for *symmetric*
crytosystems.  As this pertains to PGP, it uses a 128 bit session key
for the IDEA symmetric algorithm.  Not 2048.

Their recommendation was for a *minimum* of 90 bit keys for data
that must remain private for any length of time.  Given the calculations
they stated, this seems reasonable.

Richard Coleman
coleman@math.gatech.edu


home help back first fref pref prev next nref lref last post