FW: [rc5] 56 bits seem to be enough

Fedor Kouranov ted99 at ibm.net
Thu Jun 5 01:52:58 EDT 1997

On 06/04/97 Sean Reifschneider <jafo at tummy.com> said:

>>Essentially, we need variable-key-length methods, such as RSA (public key)
>>and RC5 (conventional). Then it will be safe to use, say, 10Kbit keys in

>Remember that encryption algorighms aren't comparable when you talk bits.
>As I understand it, IDEA at 128 bits is about as good as RSA at much
>larger bit-counts.

I've noted it below on that message. The 56-bit thing we are talking about
(and doing :) is the one that needs brute-force. RSA needs
less-than-brute-force. Anyway, the idea is just to have unlimited

>Another story: cars are getting harder and harder to break into, espcially
>if you want to get away with the whole car.  So, theives are waiting until
>YOU unlock the car, then confronting you at gun-point to get the car.
>Thanks, I think I preferred the old method...

Well, just don't lock your car then. What if it's Rolls-Royce? Park it in a
secure place. Think chain: you at one end, recipient at the other. PGP in
the middle is strong; whatever happens at the ends is under your

>Why break RSA whan you can take the PGP sources and install a trojan on a
>machine which e-mails the attacker the pass-phrase?

Why pass-phrase instead of just the secret key? ;-)

Another chain. All sources and binaries are distributed under the signature
of the guy who distributes them. Tweaking it is supposed to be hard. When
hundreds of paranoids scrutinize the code, some of them may spot the troyan
created by him. Maintaining integrity of your software is your task. That
is, you are the only one hwo can fail.

OK, to cut the thread, let's put it this way: no bit is enough, people want
endlessly strong cryptography, and it's their own problem what they do with

 /** Christ is risen ! *** __+__ ******  Fedor "Ted" Kouranov  *****/
 /* Xristos voskrese ! **   \|    ** ted99 at ibm.net * fedor at bu.edu **/
 /** Xristos anesti ! ****   |\  ** http://enz.siobc.ras.ru/~fedor */

To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.

More information about the rc5 mailing list