
Re: 40 bit encryption: Missing the point



On Wed, 29 Mar 1995, Mike Muuss wrote:

> 
> > (b) Key length for public keys (e.g. RSA or PGP) and for
> >     symmetric ciphers (e.g. DES or RC4) are very different.
> >     DES with 56-bit keys is moderately weak, but RC4 at 128 bits
> >     (for example) is tremendously strong, whereas RSA with 512
> >     bits is currently reasonable and RSA with 1024 bits is good.
> 
> Yes, I'm aware of that.  *smile*  It didn't strike me until a few
> hours later that my lighthearted apples-n-oranges comparison there might
> be misleading.  Thanks for providing the explanation.
> 
> 	Best
> 	 -Mike
> 

Also, keep in mind that when you're talking about weak/reasonable/
strong, you're talking about the algorithms, not their implementation
in a system.  If you dynamically generate a shared session key for
a DES type system and you only need to protect the information for
a small period of time, then do you need a gold-plated solution that
protects the information for a multitude of years?  And if the algorithms
are good but the key management is poor, what have you gained?


----------------------------------------------------------
Kenneth Rowe			kerowe@cs.umbc.edu
434 Shipley Road		rowe@prairienet.org
Linthicum, MD 21090		kerowe@ncsa.uiuc.edu
(410) 859-8487 (home)
----------------------------------------------------------


