Hello. I am still interested in the concept of using 576 bit keys;
composed of 9 parts of 64-bit keys, and applied and mixed by SHA-256
or SHA-3.
Comments?
Message: 1
Date: Sun, 04 Nov 2012 15:03:56 +1300
From: Peter Gutmann pgut...@cs.auckland.ac.nz
To: cryptography@randombit.net, j...@callas.org
Subject: Re: [cryptography] Why using asymmetric crypto like symmetric
crypto isn't secure
Message-ID: e1tupz6-0002cu...@login01.fos.auckland.ac.nz
Jon Callas j...@callas.org writes:
Which immediately prompts the question of what if it's long or secret? [1]
This attack doesn't work on that.
The asymmetric-as-symmetric was proposed about a decade ago as a means of
protecting against new factorisation attacks, and was deployed as a commercial
product. I don't recall them keeping the exponent secret because there wasn't
any need to... until now that is. So I think Taral's comment about not using
crypto in novel ways is quite apropos here, the asymm-as-sym concept only
protected you against the emergence of novel factorisation attacks (or the use
of standard factorisation attacks on too-short keys) as long as no-one
bothered trying to attack the public-key-hiding itself.
If you believe that the only attack against RSA is factoring the modulus,
then you can be seduced into thinking that hiding the modulus makes the
attacker's job harder.
Yup, and that was the flaw in the reasoning behind the keep-the-public-key-
secret system. So this a nice textbook illustration of why not to use crypto
in novel ways based purely on intuition.
Peter.
[1] Not my footnote.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
