Re: Policy / Cryptography advice needed.

["Jeffrey I. Schiller" <jis () MIT EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am not a cryptographer, but I have hung out with them for a long time :-)

James H Moore wrote:
> ? strong encryption should be used, examples are RC4 at 128bits, 3DES,
> AES, or PGP 1024 bits (should this be 2048?).

With PGP there are really two different ciphers in use. The symmetric
one and the asymmetric one (aka RSA or DH). In general PGP will only use
a strong symmetric cipher (though exactly which one is uses depends on
the key(s) of the recipients. As for RSA or DH keys, 1024 is more then
enough strength for most people (1024 bit RSA keys have not been cracked
by either hardware nor software). In general people use 2048 bit keys
because they can and it gives you a large safety margin (a 1024 bit RSA
key *may* be cracked in the next 5 to 10 years, but a 2048 bit key will
not likely, unless RSA itself falls). Diffie-Hellman (really the
El-Gamal variant) tends to be stronger for the same key length.

The riskiest cipher listed above is RC4 (independent of key length).

> (What about Blowfish, TwoFish strengths?)

These should be fine for most applications. National Security work might
want to avoid Blowfish (because of short key length).

> ? what is not acceptable 40-bit RC4 or DES, unless used on a proxy
> server as a gateway to international campuses, and then only for the
> individuals located in or with frequent travel to export controlled
> countries.

There is a big difference between RC4-40 and DES. RC4-40 can be cracked
with commodity PC's in reasonable time. DES cannot. DES has been brute
forced with the aid of thousands of dollars of special purpose hardware.
 If some needs to use "export" grade software, they are much better off
with DES then with RC4-40.

In general people are badmouthing DES because new systems (which may be
around for 30+ years) should really avoid it. However it is fine today
for most "commercial" grade information. Most banking networks still use
DES to protect financial transactions.

As a practical matter, bad guys will use the weakest link to get into
systems and going after your servers is still much easier that cracking
any of the ciphers listed here (except perhaps RC4-40).

                        -Jeff
- --
 ============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
 ===========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC7ove8CBzV/QUlSsRAppoAKD+5elpTBVV9WwykFn41Qp7F44hywCgyZDH
EmDy8n51pU9QswpoS6oq9dI=
=RUYo
-----END PGP SIGNATURE-----