David Schwartz wrote:

>> I can split the second case into two parts:
>> If there IS a key AND there are NO quantum computers then
>> the key provides adequate protection

> No, it doesn't; future advances in computation *will* make any given key insecure eventually. Your communications today *will* be known in the future.
Wait a second -- isn't this what "Perfect Forward Security" is all about???
OK, quantum computing protects against a passive eavesdropper man in the middle attack where the adversary just copies input to output without knowing what is going by, but maintains a log of all the communication, to be used as input to some kind of brute force cracker.
BUT, changing the key periodically provides the same protection, as long as you re-key before enough traffic has passed by to make this kind of cracking likely. This invokes the cost of out-of-band key distribution for the private key case, and requires a new certificate to be issued every so often (every year or two?) in the PKI case.
Note that making the key (certificate) longer, 2048 instead of 1024 etc makes the analysis task that much harder.
-- 
"An Internet-connected Windows machine is tantamount to a toddler carrying a baggie of $100 bills down a city street..."
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
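The re-keying argument in the reply above (an adversary who logs all traffic and later obtains a key only learns what that key, and keys derived from it, protected) can be shown concretely. The following is an added example, not code from the thread or from OpenSSL: a one-way "ratchet" that derives each epoch's key by hashing the previous one, a constructed HMAC-SHA256 counter-mode stream cipher (stand-in for a real AEAD), and an attacker model that captures the whole log and is later handed the key of one epoch. The labels, epoch counts and the leaked epoch are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os

# Domain-separation labels (constructed for this demo).
LABEL_RATCHET = b"epoch-ratchet"
LABEL_STREAM = b"keystream"


def next_epoch_key(key: bytes) -> bytes:
    """One-way step: new key = HMAC(old key, label).

    The old key cannot be recovered from the new one, so traffic from
    earlier epochs stays protected even if a later key leaks.
    """
    return hmac.new(key, LABEL_RATCHET, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a demo stream cipher.

    Constructed for illustration only; a real system uses an AEAD such as AES-GCM.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = LABEL_STREAM + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # XOR with the same keystream undoes the encryption


class Sender:
    """Holds the current epoch key and advances it on rekey()."""

    def __init__(self, initial_key: bytes):
        self.key = initial_key
        self.epoch = 0

    def send(self, plaintext: bytes):
        nonce = os.urandom(12)
        return (self.epoch, nonce, encrypt(self.key, nonce, plaintext))

    def rekey(self):
        self.key = next_epoch_key(self.key)
        self.epoch += 1


def attacker_recovers(log, leaked_epoch: int, leaked_key: bytes) -> dict:
    """Given the full traffic log and one epoch's key, decrypt everything derivable.

    The attacker can ratchet forward from the leaked key (no backward secrecy in a
    pure hash ratchet) but cannot step backward to earlier epochs.
    """
    known = {leaked_epoch: leaked_key}
    max_epoch = max(e for e, _, _ in log)
    k = leaked_key
    for e in range(leaked_epoch + 1, max_epoch + 1):
        k = next_epoch_key(k)
        known[e] = k
    return {i: decrypt(known[e], n, c)
            for i, (e, n, c) in enumerate(log) if e in known}


def simulate(messages_per_epoch=("alpha", "bravo"), epochs=4, leak_at=2, seed_key=None):
    """Run `epochs` rounds of traffic, leak the key of epoch `leak_at`, report what leaks."""
    sender = Sender(seed_key or os.urandom(32))
    log, plaintexts, leaked_key = [], [], None
    for epoch in range(epochs):
        if epoch == leak_at:
            leaked_key = sender.key  # captured before this epoch's traffic is sent
        for m in messages_per_epoch:
            pt = f"epoch{epoch}:{m}".encode()
            plaintexts.append(pt)
            log.append(sender.send(pt))
        sender.rekey()  # periodic re-keying, as the reply suggests
    return plaintexts, log, attacker_recovers(log, leak_at, leaked_key)


if __name__ == "__main__":
    pts, log, recovered = simulate()
    for i, (epoch, _, _) in enumerate(log):
        status = "RECOVERED" if i in recovered else "safe"
        print(f"msg {i} (epoch {epoch}): {status}")
```

With four epochs and the epoch-2 key leaked, messages from epochs 0 and 1 stay unreadable while epochs 2 and 3 are exposed; the exposure window is exactly the interval between rekeys. A hash ratchet alone gives no protection for traffic after the leak, which is why TLS's ephemeral Diffie-Hellman suites generate a fresh, independent key per session rather than deriving it from the previous one.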
