On 11 March 2013 11:09, Ido Regev <ido.re...@ecitele.com> wrote: > Hi, > > > > I haven't found a reply to the specific question the customer is asking me. > > Any other direction will be greatly appreciated.
The problem is that the spec is rather vague - who knows what I might invent as a custom build to break their particular encryption? It seems to me to be impossible to predict such a thing, e.g. look at Deep Crack (http://en.wikipedia.org/wiki/EFF_DES_cracker), which turned out to be substantially cheaper than off-the-shelf computers, or TWINKLE (http://en.wikipedia.org/wiki/TWINKLE), which no-one has built yet, AFAIK. For this to be actionable, it probably needs to specify the type of thing one would spend the million euros on (e.g. commodity PCs). > > > > Ido > > > > From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] > On Behalf Of Jason Gerfen > Sent: Wednesday, March 06, 2013 4:29 PM > To: openssl-dev@openssl.org > Subject: Re: Question on encryption algorithms brittleness > > > > NIST has more details. http://csrc.nist.gov/publications/PubsFIPS.html See > FIPS 200 (Minimum guidelines), FIPS 198--1 (HMAC), FIPS 197 (AES, symmetric > algorithms) & FIPS 185 (PKI escrow) > > > > On Wed, Mar 6, 2013 at 7:15 AM, Matt Caswell <fr...@baggins.org> wrote: > > This site would be a good place to start: > > http://www.keylength.com/ > > Matt > > > > On 6 March 2013 13:56, Ido Regev <ido.re...@ecitele.com> wrote: > > We have a requirement from one of our customers regarding the encryption > algorithms – "Make use of published public encryption algorithms that are > considered to be practically unbroken. Contracting Authority considers an > algorithm practically unbroken when a key can’t be recovered within 1 year > with hardware costing less than 1,000,000 euro. We should have a life cycle > process for the encryption algorithms in place to ensure the 1 year duration > is kept despite the every increase computing power. Describe the process." > > > > We would greatly appreciate if you could help us with this question. > > > > Best regards, > > Ido > > This e-mail message is intended for the recipient only and contains > information which is CONFIDENTIAL and which may be proprietary to ECI > Telecom. If you have received this transmission in error, please inform us > by e-mail, phone or fax, and then delete the original and all copies > thereof. > > > > > > > -- > Jason Gerfen > jason.ger...@gmail.com > > http://www.github.com/jas- > http://dev.in-my-cloud.com/pow-mia > http://in-my-cloud.com > http://awesomealaskaadventures.com > http://phpdhcpadmin.sourceforge.net > > This e-mail message is intended for the recipient only and contains > information which is CONFIDENTIAL and which may be proprietary to ECI > Telecom. If you have received this transmission in error, please inform us > by e-mail, phone or fax, and then delete the original and all copies > thereof. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
