[2364] in cryptography@c2.net mail archive
RE: Weak Crypto and Y2K
daemon@ATHENA.MIT.EDU (Trei, Peter)
Wed Mar 25 14:52:55 1998
From: "Trei, Peter" <ptrei@securitydynamics.com>
To: "'Arnold G. Reinhold'" <reinhold@world.std.com>,
Nathan Spande
<nathan@epicsys.com>,
"'perry@piermont.com'" <perry@piermont.com>
Cc: "'cryptography@c2.net'" <cryptography@c2.net>
Date: Wed, 25 Mar 1998 11:31:23 -0500
> -----Original Message-----
> From: Arnold G. Reinhold [SMTP:reinhold@world.std.com]
>
> I think there is a parallel between designing electronic commerce
> infrastructure today that use weak cryptography (i.e. 40 or 56 bit
> keys)
> and, say, designing air traffic control systems in the '60s using two
> digit year fields. You know it will work well enough for now, but that
> it
> will certainly be a problem in the future. Yes, there are other weak
> points
> that will have to be addressed, but that is no excuse for employing
> crippled technologies. Just because you can retire before it all
> blows up
> doesn't make it any less irresponsible.
>
>
> Arnold Reinhold
>
>
[Trei, Peter]
It was precisely to push this issue that I proposed
the DES challenges to Jim Bidzos (long before I came
to SDI). 40 bit crypto became a joke when Ian Goldberg
cracked 40 bit RC5 in 3.5 hours.
While it may be irritating to hear Government-droids
claim that it takes 4 months to crack DES (actually,
the latest crack took 40 days to search nearly the
entire keyspace), and DES is therefore strong, if
the DES challenges had not existed they would still
be claiming that 56 bit encryption is uncrackable.
The next DES challenge will have a 10 day limit, and
I have a lot of confidence that it will be met.
Peter Trei
ptrei@securitydynamics.com
DISCLAIMER: The above are my personal opinions only.
