Anonymous[SMTP:[EMAIL PROTECTED]]
Bruce Schneier writes in the April 15, 2002, CRYPTO-GRAM,
http://www.counterpane.com/crypto-gram-0204.html:
But there's no reason to panic, or to dump existing systems. I don't think
Bernstein's announcement has changed anything. Businesses today could
reasonably be content with their 1024-bit keys, and military institutions
and those paranoid enough to fear from them should have upgraded years ago.
To me, the big news in Lucky Green's announcement is not that he believes
that Bernstein's research is sufficiently worrisome as to warrant revoking
his 1024-bit keys; it's that, in 2002, he still has 1024-bit keys to revoke.
Does anyone else notice the contradiction in these two paragraphs?
First Bruce says that businesses can reasonably be content with 1024 bit
keys, then he appears shocked that Lucky Green still has a 1024 bit key?
Why is it so awful for Lucky to still have a key of this size, if 1024
bit keys are good enough to be reasonably content about?
Anonymous is missing the joke here. Bruce suggests that ordinary
non-paranoid users (here represented as 'businesses') should feel
reasonably content with 1024 bit keys, but 'military institutions
and those paranoid enough to fear them should have upgraded
years ago'.
So, we have three categories of users:
1. businesses (i.e., 'ordinary users')
2. Military institutions.
3. The paranoid (whether justified or not).
Well, Lucky's not a business, and he's certainly not a military
institution (despite his fondness for ordnance). What does that
leave? Most of us who know him got a little chuckle out of this.
For RSA's 'official' position on this issue, take a look at:
http://www.rsasecurity.com/rsalabs/technotes/bernstein.html
If there's a call for it, I'll post the whole text so you can read
it without visiting our site (it's not too long).
Peter Trei
RSA Security
-
The Cryptography Mailing List