[Hardware] RSA Challenges

John L. Bass jbass at dmsd.com
Mon Jun 4 18:44:25 EDT 2007


	John, thanks for your frank feedback about the impact of our decision on
	your research.

Was rather hoping EMC/RSA might reconsider withdrawing the abrupt Challenge
terminations, and set a reasonable sunset a couple years out.

I (and others) don't consider it fair to take the full PR rewards for
creating the Challenges, then abruptly withdraw them.  Countless others
answered YOUR Challenge with significant labor, direct equipment and
energy costs ... and are unable to collect in exchange. There is a serious
question of fairness here regarding Work-In-Progress for both factoring
and RC5 challenges. You guys started this ... let's be reasonable about
shuting it down.

Maybe your products are secure from these attacks, as has been demonstrated
for the last decade ... and will continue to be so, in which case no one will
collect much, if any of the remaining Challenges. On the other hand, a reasonable
sunset of a couple years out is only fair, as it's been clear that all attacks
are multi-year investments in resources, and should be allowed to conclude with
a reasonable known sunset period.

Even my project is 3-6 months out, *IF* I got the math/algorithm right the first
time, and it's been running since last fall.

It's certainly your right to cancel without a reasonable sunset. I certainly
don't think it's right either, for EMC/RSA to initiate the Challenge, and burn a
lot of peoples resources, without a fair sunset period.

John


More information about the Hardware mailing list