[145669] in cryptography@c2.net mail archive
Re: Has there been a change in US banking regulations recently?
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Mon Aug 16 15:02:07 2010
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <E1Okgpu-0004cf-6h@wintermute02.cs.auckland.ac.nz>
Date: Mon, 16 Aug 2010 09:30:48 -0400
Cc: Cryptography List <cryptography@metzdowd.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
On Aug 15, 2010, at 1:17 30PM, Peter Gutmann wrote:
> Ray Dillinger <bear@sonic.net> writes:
>> On Fri, 2010-08-13 at 14:55 -0500, eric.lengvenis@wellsfargo.com =
wrote:
>>=20
>>> The big drawback is that those who want to follow NIST's =
recommendations
>>> to migrate to 2048-bit keys will be returning to the 2005-era =
overhead.
>>> Either way, that's back in line with the above stated 90-95% =
overhead.
>>> Meaning, in Dan's words "2048 ain't happening."
>>=20
>> I'm under the impression that <2048 keys are now insecure mostly due =
to
>> advances in factoring algorithms=20
>=20
> Insecure against what?
Right -- who's your enemy? The NSA? The SVR? Or garden-variety =
cybercrooks?
> Given the million [0] easier attack vectors against
> web sites, which typically range from "trivial" all the way up to =
"relatively
> easy", why would any rational attacker bother with factoring even a =
1024-bit
> key, with a difficulty level of "quite hard"? It's not as if these =
keys have
> to remain secure for decades, since the 12-month CA billing cycle =
means that
> you have to refresh them every year anyway.
That depends on what you're protecting. If it's the 4-digit PIN to =
billion-zorkmid bank accounts, they key needs to remain secure for many =
years, given how seldom PINs are changed.
> Given both the state of PKI and
> the practical nonexistence of attacks on crypto of any strength =
because it's
> not worth the bother, would the attackers even notice if you used a =
32-bit RSA
> key? How would an adversary effectively scale and monetise an attack =
based on
> being able to break an RSA key, even if it was at close to zero cost?
>=20
> The unfortunate effect of such fashion-statement crypto =
recommendations as
> "you must use 2K bit keys, regardless of the threat environment" is =
that what
> it actually says is "you must not use SSL on your web site". "Le =
mieux est
> l'ennemi du bien" strikes again.
>=20
>=20
Yup.
>=20
> [0] Figure exaggerated slightly for effect.
But only slightly exaggerated...
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
