North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: 1024-bit RSA keys in danger of compromise (fwd)
- From: Len Sassaman
- Date: Mon Mar 25 21:07:51 2002
On Mon, 25 Mar 2002, Deepak Jain wrote:
> Exactly. Why think $2B is some insurmountable barrier when there are far
$2B isn't an insurmountable barrier. It is well within most intelligence
agencies' budgets, and that price will only get lower.
> At present, if you have the sophistication to break an "interesting" key,
> you could have the sophistication to not be detected MITM. The difference
> between inserting/replacing a valid flow, and simply listening [unless the
> attacker is stupid] isn't that big a difference from a detection [of the
> attack] point of view.
Passive attacks are, by definition, undetectable. Active attacks are not;
some are simply more detectable than others.
> No one is going to spend millions of dollars to get at most the same
> millions of dollars of back in credit card fraud [good money after bad].
> Anyone who is relying on these commercial architectures to secure gov't
> secrets or secrets worthy of an intelligence outfit's attention is a moron
> [for numerous reasons]. If all you are doing is trying to secure machines
> against script kiddies, starting huge public debates and initiatives and the
> like seems like overkill to me. [investment is greater than reward]. YMMV.
Remember that there is no international law preventing a country's
intelligence agency from committing industrial espionage for its own
companies (and in fact this is common practice).
Also, remember that the US Military has considered, and may very well be
using, IPsec in the field to coordinate military maneuvers.
I think you're really missing the main point with that $2 billion figure.
The "big surprise" is that we might be able to put a price-point on
factoring 1024 bit keys -- previously, they were thought to be "secure
A machine that costs $2 billion today, according to Moore's law, will cost
about $200,000 20 years from now. Not counting inflation. That will be
well within many people's budgets.