[2365] in cryptography@c2.net mail archive
RE: Weak Crypto and Y2K
daemon@ATHENA.MIT.EDU (Nathan Spande)
Wed Mar 25 14:57:41 1998
From: Nathan Spande <nathan@epicsys.com>
To: "'Trei, Peter'" <ptrei@securitydynamics.com>,
"'Arnold G. Reinhold'"
<reinhold@world.std.com>,
"'perry@piermont.com'" <perry@piermont.com>
Cc: "'cryptography@c2.net'" <cryptography@c2.net>
Date: Wed, 25 Mar 1998 10:51:26 -0600
Ok, I guess my point wasn't all that clear. I'm not advocating the use
of 40-bit, or even 56-bit systems. My original point was that the
argument of "strong encryption prevents crimes" is not a useful one.
Even weak cryptography prevents crimes. Our definitions of "strong" and
"weak" will change as time goes on, 56 being the high end of "weak" now,
rather than the low end of "strong". We need to be careful in our
arguments, as careful as we are in our implementations. A bug in
testimony before Congress is much more difficult to fix, and could cause
much more damage, than a bug in your RC4 implementation.
Nathan
> -----Original Message-----
> From: Trei, Peter [SMTP:ptrei@securitydynamics.com]
> Sent: Wednesday, March 25, 1998 10:31 AM
> To: 'Arnold G. Reinhold'; Nathan Spande; 'perry@piermont.com'
> Cc: 'cryptography@c2.net'
> Subject: RE: Weak Crypto and Y2K
>
>
>
> > -----Original Message-----
> > From: Arnold G. Reinhold [SMTP:reinhold@world.std.com]
> >
> > I think there is a parallel between designing electronic commerce
> > infrastructure today that use weak cryptography (i.e. 40 or 56 bit
> > keys)
> > and, say, designing air traffic control systems in the '60s using
> two
> > digit year fields. You know it will work well enough for now, but
> that
> > it
> > will certainly be a problem in the future. Yes, there are other weak
> > points
> > that will have to be addressed, but that is no excuse for employing
> > crippled technologies. Just because you can retire before it all
> > blows up
> > doesn't make it any less irresponsible.
> >
> >
> > Arnold Reinhold
> >
> >
> [Trei, Peter]
> It was precisely to push this issue that I proposed
> the DES challenges to Jim Bidzos (long before I came
> to SDI). 40 bit crypto became a joke when Ian Goldberg
> cracked 40 bit RC5 in 3.5 hours.
>
> While it may be irritating to hear Government-droids
> claim that it takes 4 months to crack DES (actually,
> the latest crack took 40 days to search nearly the
> entire keyspace), and DES is therefore strong, if
> the DES challenges had not existed they would still
> be claiming that 56 bit encryption is uncrackable.
>
> The next DES challenge will have a 10 day limit, and
> I have a lot of confidence that it will be met.
>
> Peter Trei
> ptrei@securitydynamics.com
> DISCLAIMER: The above are my personal opinions only.
>
>
