On Tue, Apr 16, 2002 at 08:44:06PM +0200, Anonymous wrote: > Bruce Schneier writes in the April 15, 2002, CRYPTO-GRAM, > http://www.counterpane.com/crypto-gram-0204.html: > > > But there's no reason to panic, or to dump existing systems. I don't think > > Bernstein's announcement has changed anything. Businesses today could > > reasonably be content with their 1024-bit keys, and military institutions > > and those paranoid enough to fear from them should have upgraded years ago. > > > > To me, the big news in Lucky Green's announcement is not that he believes > > that Bernstein's research is sufficiently worrisome as to warrant revoking > > his 1024-bit keys; it's that, in 2002, he still has 1024-bit keys to revoke. > > Does anyone else notice the contradiction in these two paragraphs? > First Bruce says that businesses can reasonably be content with 1024 bit > keys, then he appears shocked that Lucky Green still has a 1024 bit key? > Why is it so awful for Lucky to "still" have a key of this size, if 1024 > bit keys are good enough to be "reasonably content" about? >
My read of this is not that Bruce thought Lucky silly for having 1024-bit keys, but rather that *if* Lucky has had them until now, it shows that they aren't really old-hat, thrown out by every half-sensible cryptographer years ago, that in fact it's reasonable to assume they're still "reasonably" secure (for some definition of "reasonably"). I have no idea if that's what Bruce intended, but that's how I took it. Regards, Jeremey. -- Jeremey Barrett [[EMAIL PROTECTED]] Key: http://rot26.com/gpg.asc GnuPG fingerprint: 716E C811 C6D9 2B31 685D 008F F715 EB88 52F6 3860 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]