> Anonymous[SMTP:[EMAIL PROTECTED]]
>
> Bruce Schneier writes in the April 15, 2002, CRYPTO-GRAM,
> http://www.counterpane.com/crypto-gram-0204.html:
>
> > But there's no reason to panic, or to dump existing systems. I don't think
> > Bernstein's announcement has changed anything. Businesses today could
> > reasonably be content with their 1024-bit keys, and military institutions
> > and those paranoid enough to fear from them should have upgraded years ago.
> >
> > To me, the big news in Lucky Green's announcement is not that he believes
> > that Bernstein's research is sufficiently worrisome as to warrant revoking
> > his 1024-bit keys; it's that, in 2002, he still has 1024-bit keys to revoke.
>
> Does anyone else notice the contradiction in these two paragraphs?
> First Bruce says that businesses can reasonably be content with 1024 bit
> keys, then he appears shocked that Lucky Green still has a 1024 bit key?
> Why is it so awful for Lucky to "still" have a key of this size, if 1024
> bit keys are good enough to be "reasonably content" about?

Anonymous is missing the joke here. Bruce suggests that ordinary non-paranoid users (here represented as 'businesses') should feel reasonably content with 1024 bit keys, but 'military institutions and those paranoid enough to fear them should have upgraded years ago'.

So, we have three categories of users:

1. Businesses (i.e., 'ordinary users').
2. Military institutions.
3. The paranoid (whether justified or not).

Well, Lucky's not a business, and he's certainly not a military institution (despite his fondness for ordnance). What does that leave? Most of us who know him got a little chuckle out of this.

For RSA's 'official' position on this issue, take a look at:
http://www.rsasecurity.com/rsalabs/technotes/bernstein.html

If there's a call for it, I'll post the whole text so you can read it without visiting our site (it's not too long).

Peter Trei
RSA Security