Penetration Testing mailing list archives

Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...)


From: Brian Russo <brusso () PHYS HAWAII EDU>
Date: Sat, 9 Dec 2000 22:00:13 -1000

Hm, maybe I'm a little off-topic here,

But I think maybe we should get a bit back to reality here and put things in
perspective,

Figuring out what level of encryption you need is all well and good, but
consider that any attacker who is wealthy/serious to the point where they can
procure the latest and greatest crypto cracking hardware/employ masters of
number theory can much more easily get the same, or effectively the same,
information through other channels - bribery, surveillance, anyone remember
the Xerox machine in the Soviet embassy? backdoors in software.. outright
force, torturing.. the point is that there are other ways to defeat systems
that use encryption.

Ok, I'm sure you already knew that, but just for the benefit of some people
who may have forgotten this.. I just wanted to reiterate it.

I'm not saying encryption is worthless or anything.. just remember it's only
part of a bigger picture, link in the chain.. whatever.. 
 - brian
 
On Sun, Dec 10, 2000 at 12:28:01AM -0000, Dom De Vitto wrote:
Hmmm,

[ so trolling later ]

The best document I've found is:
http://www.scramdisk.clara.net/pgpfaq.html#SubRSADH

[snip, snip] 
 | From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
 | Of Bennett Todd
 | 2000-12-06-18:46:50 Dom De Vitto:
 | > Yea, generally speaking 1024 bits can be done by gov's & big
 | > corps, with (I'd speculate) a few week or so's 24x7 effort.  It's
 | > worth making the keys over 1200 bits, at which point brute forcing
 | > the 128 bit crypto is often easier/quicker.
 | 
 | Are you sure about your numbers there? I believe the story is
 | something more like:
[snip, snip]

-- 
Brian Russo <brusso () phys hawaii edu> GPG ID: 54D81666
404E 87E8 DD0C 275B 742B  09AD 2243 839C 54D8 1666
http://www.phys.hawaii.edu/~brusso/gpg_brian.asc
magnus frater spectat te - encrypt whenever possible
