[10519] in cryptography@c2.net mail archive
RE: Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)
daemon@ATHENA.MIT.EDU (Bram Cohen)
Wed Feb 27 12:56:23 2002
Date: Tue, 26 Feb 2002 16:49:30 -0800 (PST)
From: Bram Cohen <bram@gawth.com>
To: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: bear <bear@sonic.net>,
"Phillip H. Zakas" <pzakas@toucancapital.com>,
'Eugene Leitl' <Eugene.Leitl@lrz.uni-muenchen.de>,
'Cryptography List' <cryptography@wasabisystems.com>
In-Reply-To: <v04210107b8a140c9e530@[192.168.0.2]>
Message-ID: <Pine.LNX.4.21.0202261425380.748-100000@ultra.gawth.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Arnold G. Reinhold wrote:
> At 11:49 AM -0800 2/25/02, bear wrote:
> >...
> >The "secure forever" level of difficulty that we used to believe
> >we got from 2kbit keys in RSA is apparently a property of 6kbit
> >keys and higher, barring further highly-unexpected discoveries.
>
> Highly-unexpected? All of public key cryptography is built on
> unproven mathematical assumptions. Why should this be the last
> breakthrough? If you plot the curve of what key length was considered
> long enough as a function of time, it doesn't look very good.

Indeed, the only PK primitive I *really* trust is secure hash based
signatures -

http://bitconjurer.org/CheapSignaturesBeta.py

Going one step below that, most of the practical breaks we've had have
been from protocol screwups rather than key length problems, and I've
never seen a list purporting to be definitive of all the gotchas in RSA,
so the only fancy math primitive I feel confident to design a protocol
with is Diffie-Hellman.

So there you have it - the only really confidence-inspiring piece of
public key cryptography was the first one ever invented.

-Bram Cohen
"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes
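
Added example, not part of the original message and not the code at the URL cited in it: a Lamport one-time signature, the simplest hash-based signature scheme, showing that signing and verifying use nothing but a hash function. The choice of SHA-256 and the names `OneTimeKey`, `verify` and `H` are assumptions made for this illustration.

```python
import hashlib
import secrets

BITS = 256  # one secret pair per bit of the SHA-256 message digest


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(message: bytes):
    """Bits of H(message), most significant bit first."""
    d = H(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


class OneTimeKey:
    """Lamport key pair: 256 pairs of random secrets, public key = their hashes."""

    def __init__(self):
        self._priv = [(secrets.token_bytes(32), secrets.token_bytes(32))
                      for _ in range(BITS)]
        self.pub = [(H(a), H(b)) for a, b in self._priv]

    def sign(self, message: bytes):
        # Signing reveals half of the secrets. A second signature under the
        # same key would reveal more and let a forger mix and match them,
        # so the private key is destroyed after one use.
        if self._priv is None:
            raise RuntimeError("one-time key already used")
        sig = [self._priv[i][bit] for i, bit in enumerate(_digest_bits(message))]
        self._priv = None
        return sig


def verify(pub, message: bytes, sig) -> bool:
    """Each revealed secret must hash to the public value chosen by that bit."""
    if len(sig) != BITS or not all(isinstance(s, bytes) for s in sig):
        return False
    return all(H(sig[i]) == pub[i][bit]
               for i, bit in enumerate(_digest_bits(message)))
```

Forging a signature here requires inverting the hash on at least one unrevealed secret; no factoring or discrete-log assumption is involved.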