-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> 
> Many thanks to Hal and Oskar for pointing out the mistakes in my
> key format; but one thing I'd like to defend is the 160-bit key
> size.  As Hal points out, DSA keys are bigger, but they too can
> be hashed again to fit into 160 bits.
> 
> The text format of messages we have will allow for bigger keys if
> we ever need them, but I don't think we ever will.  Just to give
> an idea of how insanely huge 160 bit keyspace is, if every man,
> woman, and child on earth inserted 1 million keys a day for the
> next 1000 years, they wouldn't even come close to using up 80-bit
> keyspace, and 160-bit keyspace is the square of that.  Collisions
> simply aren't going to happen in the lifetime of the Universe.

*Never* say never.  Locking yourself into anything is generally a bad
idea.  56 bits was plenty long for DES back in the day, and assuming that
160 bits is secure is a good idea, but only if you assume that the cipher
is not defeatable by anything but a brute force attack.  However, this is
simply not true.  Many ciphers start out strong, at say 128 bits, then
come under attacks that show that it is possible to crack the key by
examining some fraction of the keyspace, say 60 bits.  

Also, the AES standard that is soon to be agreed upon uses variable key
sizes up to 256 bits.  

        Scott



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5BHfypXyM95IyRhURAlq6AJ9JAghf6mSJYhi/2YihUdFoCcxQQACeMcJC
yyHx+ur+3uf27j6ty+4hsM8=
=eAax
-----END PGP SIGNATURE-----
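The keyspace scenario from the quoted text, worked through as a birthday-bound calculation (an added example, not part of the original message). It assumes keys are uniformly distributed hash outputs, a world population of 6 billion, and 365-day years; the function names are illustrative. It separates how much of the keyspace is occupied from the chance that any two keys collide.

```python
import math

def keys_inserted(people, keys_per_day, years):
    """Total keys inserted under the scenario in the quoted text."""
    return people * keys_per_day * years * 365

def fraction_used(n_keys, bits):
    """Share of a 2**bits keyspace occupied by n_keys distinct keys."""
    return n_keys / 2**bits

def collision_probability(n_keys, bits):
    """Birthday bound: chance that any two of n_keys uniform keys coincide.

    Computes 1 - exp(-n(n-1) / 2**(bits+1)); expm1 keeps precision when
    the probability is very small.
    """
    exponent = n_keys * (n_keys - 1) / 2**(bits + 1)
    return -math.expm1(-exponent)

def keys_for_probability(bits, p):
    """Approximate key count at which the collision probability reaches p."""
    return math.sqrt(2 * 2**bits * -math.log1p(-p))

if __name__ == "__main__":
    # Assumed inputs: 6 billion people, 1 million keys a day, 1000 years.
    n = keys_inserted(6_000_000_000, 1_000_000, 1000)
    print(f"keys inserted: {n:.3e} (about 2^{math.log2(n):.1f})")
    for bits in (80, 160, 256):
        print(f"{bits:3d}-bit keys: "
              f"keyspace used {fraction_used(n, bits):.3e}, "
              f"collision probability {collision_probability(n, bits):.3e}, "
              f"50% collision at {keys_for_probability(bits, 0.5):.3e} keys")
```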


_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
