Penetration Testing mailing list archives
Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...)
From: Brian Russo <brusso () PHYS HAWAII EDU>
Date: Sat, 9 Dec 2000 22:00:13 -1000
Hm, maybe I'm a little off-topic here, but I think maybe we should get a bit back to reality here and put things in perspective.

Figuring out what level of encryption you need is all well and good, but consider that any attacker who is wealthy/serious to the point where they can procure the latest and greatest crypto cracking hardware/employ masters of number theory can much more easily get the same, or effectively the same, information through other channels - bribery, surveillance, anyone remember the Xerox machine in the Soviet embassy? backdoors in software.. outright force, torturing.. the point is that there's other ways to defeat systems that use encryption.

Ok, I'm sure you already knew that, but just for the benefit of some people who may have forgotten this.. I just wanted to reiterate it.

I'm not saying encryption is worthless or anything.. just remember it's only part of a bigger picture, link in the chain.. whatever..

- brian

On Sun, Dec 10, 2000 at 12:28:01AM -0000, Dom De Vitto wrote:
Hmmm, [ so trolling later ] The best document I've found is: http://www.scramdisk.clara.net/pgpfaq.html#SubRSADH
[snip, snip]
| From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
| Of Bennett Todd
| 2000-12-06-18:46:50 Dom De Vitto:
| > Yea, generally speaking 1024 bits can be done by gov's & big
| > corps, with (I'd speculate) a few week or so's 24x7 effort. It's
| > worth making the keys over 1200 bits, at which point brute forcing
| > the 128 bit crypto is often easier/quicker.
|
| Are you sure about your numbers there? I believe the story is
| something more like:
[snip, snip]

--
Brian Russo <brusso () phys hawaii edu>
GPG ID: 54D81666 404E 87E8 DD0C 275B 742B 09AD 2243 839C 54D8 1666
http://www.phys.hawaii.edu/~brusso/gpg_brian.asc
magnus frater spectat te - encrypt whenever possible