Re: R: strong encryption for Europeans

[Martin W Freiss <freiss.pad () sni de>]

> If keys are changed often enough, I think 56 bits is still pretty much ok for
> most uses. It depends very much on the lifetime of the data transfered versus
> the time needed to crack the key. If the key is changed every 15 minutes (and
> I assume a much stronger protection on the key exchange), then the attacker
> not only has to deal with finding the key, but also with finding the window in
> which the data he is interested in was transferred.

Well, partly. Frequent key changes guard against an attacker being able to
monitor a sustained data stream, but still leaves us with (taking your example)
15 minute chunks of data that can feasibly be decrypted, one at a time, 
by brute force.

It all boils down the old adage "cracking it must be more expensive than
the worth of the data". For data of strategic importance, 56 bits is not 
enough. For those just wanting to safeguard against the casual snooper,
and many companies I know of fall into that category, 56 bits is certainly
enough.
 
-Martin

--
 Martin Freiss, MF194   | freiss.pad () sni de | http://www.rmi.de/~marvin
 Siemens Nixdorf, CC IT Networks, Solution Team Internet/Intranet
Half male, half e-mail.