[550] in WWW Security List Archive


Re: 40 bit encryption: Missing the point

daemon@ATHENA.MIT.EDU (Marc Andreessen)
Tue Mar 28 04:57:20 1995

To: www-security@ns1.rutgers.edu
From: Marc Andreessen <marca@netscape.com>
Date: 28 Mar 1995 06:38:04 GMT
Errors-To: owner-www-security@ns2.rutgers.edu

mike@arl.mil (Mike Muuss) wrote:
>
>Robert Inder wrote -
>
>> I suspect I am missing the point somewhere. [...]
>> wcs@anchor.ho.att.com expresses worries that people with criminal intent
>> who could fork out $1M would be able to buy enough computing power to break
>> 40-bit encryption schemes and get credit card numbers for $100.
>> 
>> Now, if crooks are prepared to pay for credit card numbers (just the
>> numbers, nothing else), surely they could get them for much less than $100
>> by paying supermarket staff, waiters, garage attendants or travel agents to
>> pass them on. [...] Why should
>> we worry that there is now going to be a high-tech, capital- and
>> skill-intensive way of doing something that can be done by low-key bribery
>> or blackmail or petty dishonesty anyway?
>
>As I see it, the issue is one of "designing for success."  If E-commerce
>takes off, the original set of protocols will probably last 10 to 20
>years. The computing which costs $1M today will be in every teenager's
>bedroom in 20 years, at a cost of perhaps $1000 in 1995 dollars.
>
>I'd rather not discover that in the year 2005 some cracker had made
>off with all my E-credit "cards" because someone in 1995 was pinching
>a few pennies to reduce key length.
>
>Let us not repeat the mistake of the UNIX "crypt()" function, which
>was supposed to provide a "one-way" encryption of a user's password.
>The algorithm held up for roughly a decade, but it remains in use
>unmodified well after two decades....
>
>It seems to me that in a day when DES with 56-bit keys offers only
>"weak" protection of data, it is foolish to design E-commerce and
>privacy systems which may last until 2050 with keys shorter than 256
>bits.
>
>When I generated my PGP public key it offered me the opportunity to
>create a 1024 bit key.  My face lit up with a big smile, and I said
>"sure!".

Two comments:

(a) Nobody's not "designing for success" or "pinching a few
    pennies to reduce key length", unfortunately.  US export
    laws are very real barriers to what US companies (citizens)
    can create and cause to be widely used via legal means.
(b) Key length for public keys (e.g. RSA or PGP) and for
    symmetric ciphers (e.g. DES or RC4) are very different.
    DES with 56-bit keys is moderately weak, but RC4 at 128 bits
    (for example) is tremendously strong, whereas RSA with 512
    bits is currently reasonable and RSA with 1024 bits is good.

Cheers,
Marc


>
>	Best,
>	 -Mike Muuss
>
>	  Leader, Advanced Computer Systems Team
>	  Survivability and Lethality Analysis Directorate
>	  The U.S. Army Research Laboratory
>	  APG, MD  21005-5068  USA

-- 
Marc Andreessen
Netscape Communications Corp.
Mountain View, CA
marca@netscape.com

