Interesting People mailing list archives
more on on crypto systems from CTO PGP
From: David Farber <dave () farber net>
Date: Mon, 10 Jul 2006 12:33:45 -0400
Begin forwarded message:

From: Brad Templeton <btm () templetons com>
Date: July 10, 2006 12:06:08 PM EDT
To: David Farber <dave () farber net>
Cc: job () pgp com
Subject: Re: [IP] on crypto systems from CTO PGP

On Mon, Jul 10, 2006 at 06:04:17AM -0400, David Farber wrote:
> Modern cryptographic systems are essentially unbreakable, particularly if an adversary is restricted to intercepts. We have argued for, designed, and built systems with 128 bits of security .... If you want to brute-force a key, it literally takes a planet-ful of ... They could know something we don't. They could know some fundamental truth about mathematics (like how to factor really fast), some effective form of symmetric cryptanalysis, or something else. They could know about quantum computers, DNA computers, systems based upon
While it is also a non-scientific statement, the history of "unbreakable" cryptography is checkered. Significant numbers of systems judged unbreakable using the thinking of the day have ended up having flaws. Some claims of unbreakability also fell victim to the unexpected push of Moore's law (such as DES, the crackability of which we at the EFF demonstrated many years ago).

One of my favourite charts at a crypto conference graphed the predicted lifetime of cryptosystems (often expressed in terms of tens of thousands of years, or now lifetimes of the universe) against their actual lifetime under unanticipated cryptanalysis techniques. It was meant to be an amusement, but it looked like a real trend.

2^128 will not be readily brute-forced with the technology we envision today. The point is that most of these systems were not broken with the technology (and other aspects of cryptanalysis) we know today. Each flaw found in a cryptosystem makes our next system stronger, of course, but it's very risky to say we've found the last flaw, discovered the last breakthrough in cryptanalysis.

As for quantum computing, a classmate of mine has endowed a center for quantum computing at Waterloo, using his RIM money. I asked him recently how many qubits they could do; he told me they had classified the answer. That could mean they are being overly paranoid in their classifications (quite likely), or that they have classified it because they wonder if the future answer will be military level, or that they have classified it just to keep people wondering. But one can't help but wonder.

All this said, I feel pretty confident in our modern systems. But not enough to say essentially unbreakable.

-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/