[145083] in cryptography@c2.net mail archive
Re: Crypto dongles to secure online transactions
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Tue Nov 17 08:27:38 2009
Cc: Cryptography List <cryptography@metzdowd.com>
From: Jerry Leichter <leichter@lrw.com>
To: Jeremy Stanley <fungi@yuggoth.org>
In-Reply-To: <20091116173043.GK30134@yuggoth.org>
Date: Mon, 16 Nov 2009 23:20:27 -0500
On Nov 16, 2009, at 12:30 PM, Jeremy Stanley wrote:
>> If one organization distributes the dongles, they could accept
>> only updates signed by that organization. We have pretty good
>> methods for keeping private keys secret at the enterprise level,
>> so the risks should be manageable.
>
> But even then, poor planning for things like key size (a la the
> recent Texas Instruments signing key brute-forcing) is going to be
> an issue.

I'm not sure that's the right lesson to learn.

A system has to be designed to work with available technology. The
TI83 dates back to 1996, and used technology that was old even at the
time: The CPU is a 6MHz Z80. A 512-bit RSA was probably near the
outer limits of what one could expect to use in practice on such a
machine, and at the time, that was quite secure.

Nothing lasts forever, though, and an effective 13-year lifetime for
cryptography in such a low-end product is pretty good. (The
*official* lifetime of DES was about 28 years, though it was seriously
compromised well before it was officially withdrawn in 2005.)

-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com