North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: 1024-bit RSA keys in danger of compromise (fwd)

  • From: Deepak Jain
  • Date: Mon Mar 25 22:27:53 2002


$2B isn't an insurmountable barrier. It is well within most intelligence
agencies' budgets, and that price will only get lower.


Agreed. Imagine what intelligence agencies could gain by turning your most
valuable employees for secrets.

> At present, if you have the sophistication to break an "interesting" key,
> you could have the sophistication to not be detected MITM. The difference
> between inserting/replacing a valid flow, and simply listening [unless the
> attacker is stupid] isn't that big a difference from a detection [of the
> attack] point of view.

Passive attacks are, by definition, undetectable. Active attacks are not;
some are simply more detectable than others.


I disagree about passive attacks, but I won't go into all of the reasons
here. Passive attacks, by my definition, only imply that they do not
interrupt the flow they are observing. [interrupt, at least at a macroscopic
level]. For an example of passive monitoring that can be detected, look at
the example of how one would sniff live fiber in the field [without splicing
or introducing electronics]. Or for a more common place example, think of an
induction coil next to an electrical wire. Its a passive attack, but is
_definitely_ detectable.

> No one is going to spend millions of dollars to get at most the same
> millions of dollars of back in credit card fraud [good money after bad].
> Anyone who is relying on these commercial architectures to secure gov't
> secrets or secrets worthy of an intelligence outfit's attention is a moron
> [for numerous reasons]. If all you are doing is trying to secure machines
> against script kiddies, starting huge public debates and initiatives and
> like seems like overkill to me. [investment is greater than reward]. YMMV.

Remember that there is no international law preventing a country's
intelligence agency from committing industrial espionage for its own
companies (and in fact this is common practice).


Sure, no argument.

Also, remember that the US Military has considered, and may very well be
using, IPsec in the field to coordinate military maneuvers.

I think you're really missing the main point with that $2 billion figure.
The "big surprise" is that we might be able to put a price-point on
factoring 1024 bit keys -- previously, they were thought to be "secure


I guess this is an assumption we don't all share. You know what they say
about assumptions.

A machine that costs $2 billion today, according to Moore's law, will cost
about $200,000 20 years from now. Not counting inflation. That will be
well within many people's budgets.


Also agreed. Anyone who thinks the shelf life of their keys is 20 years, or
the information captured today is valuable for more than a couple of years,
then they are making generous assumptions too.

If its a big surprise that any key of any arbitrary length can be cracked in
finite time and in finite resources, I think people haven't been thinking
about the information presented in the security books out there. Most of the
estimates that say anything is "unbreakable" don't recognize that Moore's
law is real, and accelerating...

Deepak Jain