Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: 1024-bit RSA keys in danger of compromise (fwd)

  • From: Len Sassaman
  • Date: Mon Mar 25 21:07:51 2002

On Mon, 25 Mar 2002, Deepak Jain wrote:

>
> Exactly. Why think $2B is some insurmountable barrier when there are far

$2B isn't an insurmountable barrier. It is well within most intelligence
agencies' budgets, and that price will only get lower.

> At present, if you have the sophistication to break an "interesting" key,
> you could have the sophistication to not be detected MITM. The difference
> between inserting/replacing a valid flow, and simply listening [unless the
> attacker is stupid] isn't that big a difference from a detection [of the
> attack] point of view.

Passive attacks are, by definition, undetectable. Active attacks are not;
some are simply more detectable than others.

> No one is going to spend millions of dollars to get at most the same
> millions of dollars of back in credit card fraud [good money after bad].
> Anyone who is relying on these commercial architectures to secure gov't
> secrets or secrets worthy of an intelligence outfit's attention is a moron
> [for numerous reasons]. If all you are doing is trying to secure machines
> against script kiddies, starting huge public debates and initiatives and the
> like seems like overkill to me. [investment is greater than reward]. YMMV.

Remember that there is no international law preventing a country's
intelligence agency from committing industrial espionage for its own
companies (and in fact this is common practice).

Also, remember that the US Military has considered, and may very well be
using, IPsec in the field to coordinate military maneuvers.

I think you're really missing the main point with that $2 billion figure.
The "big surprise" is that we might be able to put a price-point on
factoring 1024 bit keys -- previously, they were thought to be "secure
forever".

A machine that costs $2 billion today, according to Moore's law, will cost
about $200,000 20 years from now. Not counting inflation. That will be
well within many people's budgets.







Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.