[rc5] 56 bits seem to be enough

Torren Craigie-Manson yp at bc.sympatico.ca
Thu Jun 5 09:53:59 EDT 1997


At 04:04 PM 6/4/97 +0000, you wrote:
>It would seem the stats are holding at around 5.5 years to complete
>the 56 bit RSA crack. The whole point of the exercise was to prove
>to the government that 56 bit keys are not sufficient, and given the
>huge amount of distributed computing power already involved I'm of
>the opinion that instead you've managed to prove the opposite.
>
>At any rate, what does it matter? People can still use RSA with 64
>bit keys or more.
>
>What I wonder is if there is a better method of finding the key
>than exhaustive search--and that the government knows of this method
>and is keeping it secret. If they can do that what hope do we have,
>other than to create custom encryption methods for each task?

How long do you want your data protected for?  If you want something safe
for ten years or so, you'd better use something much bigger than 56.
Especially if it's just one 56 bit key that protects all of your stuff.  I
believe it was Kevin Mitnick who had some encrypted files cracked by some
three letter agency (don't recall which one, don't have the book handy.
Pick one, they were probably involved).  Seems they hired a Department of
Energy super duper computer to find his key.  Lesson to be learned?  Use
really really really big keys, and use more than one.

Note that I'm not sure what type of encryption he was using... it's a fair
bet that the TLA (three letter agency) didn't do a brute force attack,
whatever type it was.  I may dig out the book and see what the gory details
were.
---------------------
Torren Craigie-Manson
yp at bc.sympatico.ca
