On 19/09/13 00:23 AM, Lucky Green wrote:
I get that 1024 bits is about on the edge, about equivalent to 80
bits or a little less, and may be crackable either now or sometime
soon.
Moti Young and others wrote a book back in the 90's (or perhaps) 80's,
that detailed the strength of various RSA key lengths over time. I am
too lazy to look up the reference or locate the book on my bookshelf.
Moti: help me out here? :-)
these days keylength.com is your friend :) It tends to be
internationalised so there is less bias.
According to published reports that I saw, NSA/DoD pays $250M (per
year?) to backdoor cryptographic implementations. I have knowledge of
only one such effort. That effort involved DoD/NSA paying $10M to a
leading cryptographic library provider to both implement and set as
the default the obviously backdoored Dual_EC_DRBG as the default RNG.
Bingo! The dots are now filled in. NSA -> NIST -> supplier.
That's precisely what I would do if I were them:
http://www.metzdowd.com/pipermail/cryptography/2013-September/017179.html
This was $10M wasted. While this vendor may have had a dominating
position in the market place before certain patents expired, by the
time DoD/NSA paid the $10M, few customers used that vendor's
cryptographic libraries.
There is no reason to believe that the $250M per year that I have seen
quoted as used to backdoor commercial cryptographic software is spent
to any meaningful effect.
Somewhat fun to enjoy salacious results from their keystone cops antics,
yes, but the important thing is to develop the threat model. Having
some clear line of the process clarifies it immensely.
We now have to review NIST in its entirety.
iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
