[1597] in cryptography@c2.net mail archive
Costs of Key Recovery
daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Sep 23 15:16:47 1997
Date: Tue, 23 Sep 1997 12:02:56 -0700
To: cryptography@c2.net, Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
From: Bill Frantz <frantz@communities.com>
Ross Anderson <Ross.Anderson@cl.cam.ac.uk> writes:
>There is also the point that the vast majority of encryption keys are
>actually used for authentication rather than confidentiality. The keys
>that encrypt your bank card PIN en route from the ATM to the bank, the
>keys in your satellite TV decoder, the keys in your gas meter and your
>postal meter - in fact the majority of all DES keys in use - are about
>authentication. In theory most of them could be replaced by digital
>signature mechanisms but given the size of the installed base, it
>won't happen anytime soon.

Ross mentions an issue that includes a significant cost which hasn't been
specifically mentioned. That is the five-order-of-magnitude cost of
substituting public key operations for symmetric key operations.

If you require strong authentication for access, you can approach it in two
ways:

(1) Share a secret (e.g. username and password or symmetric key), or
(2) Maintain an access control list and verify identity with public key
    operations.

If you have strong secrecy in your protocols, (1) will require much less
CPU time than (2). If you do not have strong secrecy, then you must use
(2). This reduced cost can be used to have much finer-grained access
controls.

For further information see (warning 2nd URL may be split):
http://www.communities.com/company/papers/security/index.html
http://discuss.foresight.org/M1/nph-med.cgi/http://www.caplet.com/security/taxonomy/

Bill Frantz               Electric Communities
Capability Security Guru  10101 De Anza Blvd.
frantz@communities.com    Cupertino, CA 95014
408/342-9576              http://www.communities.com