
Re: Short keys * Options, combinations, and negotiations => simplicity



Perry,

        The analysis you cite on the cost of key breaking focuses on just
one aspect of an overall intercept operation.  Because it fails to take
into account many other factors that arise in real world intercept
situations, the results are potentially misleading.

        It is worth noting that single DES is widely used to provide
confidentiality for a number of very substantial financial services
applications.  If the cost of breaking DES is sufficiently low, then
organized criminals are missing a great opportunity to steal billions of
dollars.  If these folks (who do constitute a threat for many commercial
clients) are not exploiting this vulnerability, either the cost is not so
low, or they have better means of generating income.

        This is not a counter to the issue raised by Bob Moskowitz, since
foreign intelligence agencies have different priorities, motivations and
capabilities.

        Because there are many ways to acquire sensitive information, not
just via passive intercepts, a fair amount of thought has to go into
analysis of what constitutes appropriate security technology, relative to
various threats.  In developing a standard like IPSEC, we can allow for
various algorithms and key lengths to accommodate different threat
environments.  However, because more secure algorithms and longer key
lengths often entail performance penalties, one should make an informed
decision when selecting among multiple options.

Steve