[51475] in Cypherpunks
Re: Signature 2
daemon@ATHENA.MIT.EDU (Derek Atkins)
Tue Mar 5 21:49:44 1996
To: "Charles Choi (SAR)" <choi@virtu.sar.usf.edu>
Cc: Jim_Miller@bilbo.suite.com, cypherpunks@toad.com
In-Reply-To: Your message of "Tue, 05 Mar 1996 20:26:25 EST."
<Pine.SUN.3.91.960305202130.11469B-100000@virtu>
Date: Tue, 05 Mar 1996 21:18:19 EST
From: Derek Atkins <warlord@MIT.EDU>
Hi,
> Assumption 1 : a privacy key can become uncrackable.
> Assumption 2 : an individual signature can become immune to fraud.
> Posit : fuse the two together so that pseudonyms/aliases/online names ensure
> complete privacy, but ensure that you talk to the same person
> everytime.
> Probably proposed already.
Unforutnately both of your assumptions are wrong. A key cannot be
100% uncrackable, and a signature cannot be 100% immune to fraud.
With electronic security, there is always a chance that a key can be
cracked or a signature forged. The question is how hard is it to
crack the key or forge the signature? You need to balance the
security with the price.
For example, a 1024-bit RSA key cannot be cracked, today, in a
reasonable amount of time. However it is unclear how long that will
last. Look at RSA-129; in 1977 Ron Rivest said it would take 40
quadrillion years to break the key. In 1993-4 it took 8 months (5000
MIPS-years).
A key has a limited size, therefore it is theoretically possible to
try every single key (this is called brute-force). Therefore it is
impossible to have 100% uncrackable keys. Singatures have the same
problem.
Enjoy!
-derek
