[4438] in cryptography@c2.net mail archive
McCain and 64-bit crypto
daemon@ATHENA.MIT.EDU (Steve Bellovin)
Fri Apr 2 11:52:23 1999
From: Steve Bellovin <smb@research.att.com>
To: cryptography@c2.net
Date: Fri, 02 Apr 1999 10:22:57 -0500
Before cheering too much about McCain's apparent change of heart, it's
worth doing some arithmetic. 64-bit ciphers are vulnerable to a brute
force attack that costs 256 times what an attack on the same 56-bit
cipher would cost. Plug in EFF's 250K and you see that a similar design
would cost $64M. That's probably adequate for commercial security,
but it won't protect you against a government. Add in a few generations
of Moore's Law, and it becomes obvious that even business-grade security
won't be available for very long.
Is the bill an improvment? Sure. And the new review board is a definite
improvement. But I think that there's less here than meets the eye --
or the wiretap.
