[Previous] [Next] [Index]
[Thread]
Re: 40 bit encryption: Missing the point
On Wed, 29 Mar 1995, Mike Muuss wrote:
>
> > (b) Key length for public keys (e.g. RSA or PGP) and for
> > symmetric ciphers (e.g. DES or RC4) are very different.
> > DES with 56-bit keys is moderately weak, but RC4 at 128 bits
> > (for example) is tremendously strong, whereas RSA with 512
> > bits is currently reasonable and RSA with 1024 bits is good.
>
> Yes, I'm aware of that. *smile* It didn't strike me until a few
> hours later that my lighthearted apples-n-oranges comparison there might
> be misleading. Thanks for providing the explanation.
>
> Best
> -Mike
>
Also, keep in mind that when you're talking about weak/reasonable/
strong that your talking about the algorithms, not their implementation
in a system. If you dynamically generate a shared session key for
a DES type system and you only need to protect the information for
a small period of time, then do you need a gold-plated solution that
protects the information for a multitude of years? And if the algorithms
are good but the key management is poor, what have you gained?
----------------------------------------------------------
Kenneth Rowe kerowe@cs.umbc.edu
434 Shipley Road rowe@prairienet.org
Linthicum, MD 21090 kerowe@ncsa.uiuc.edu
(410) 859-8487 (home)
----------------------------------------------------------
References: