I am very far from being a mathematician, but Christian Huitema's
comments and analysis on this thread seem sensible to me.
Ran
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests:
Christian,
SEC does not increases costs equally for both attackers and defenders. An
increase of time T for the defender correspond to an increase of time T*2^59
for the attacker.
Right. I was speaking about the relative effort increase. For Sec = 0, I have
to do 1 unit of work, the
In your previous mail you wrote:
... nor will have an opportunity to work on the code that is needed
to try to break the RSA. I do not agree with what Christian posed
about being able to easily break it mathematically in a few seconds
and I will work on proving him wrong.
= not only I
[mailto:jari.ar...@piuha.net]
Sent: Thursday, March 21, 2013 1:19 PM
To: Christian Huitema; Hosnieh Rafiee
Cc: Santosh Chokhani; ipv6@ietf.org; s...@ietf.org; Ray Hunter
Subject: Re: [saag] security consideration of CGA and SSAS - Ii-D
action : draft-rafiee-6man-ssas
Is there a conclusion
Jari == Jari Arkko jari.ar...@piuha.net writes:
What is it that you don't understand. I will be happy to explain
it to you.
Jari Thanks. I read the details, but I'm missing the big
Jari picture. I.e., some effort is required from the owner to
Jari create an address. By
For the scheme in this draft,
the probability of a a second public key is: 1-(1-p)^(2^{1024-48}), where p
is the probability of a random number being a RSA public key.
I would not construct the attack by trying random numbers and checking them for
whether they are a public key. I would
Christian,
I would not construct the attack by trying random numbers and checking them
for whether they are a public key. I would start with a repository of prime
numbers, and then do something like:
I agree with this as well.
Jari
On 03/22/2013 02:47 PM, Christian Huitema wrote:
Pick two prime numbers from the catalog
Multiply the two numbers to get a candidate RSA key
Check whether the resulting pattern matches the 48 bits in the IID
I think you can be quicker than that. Generating primes is easy
Is there a conclusion of this thread? My read of it is that no amount of
tweaking how you calculate the IID help the fact that in 59/62 bits you have a
limited space to search. The Sec scheme does help, but increases costs equally
for both attackers and defenders.
FWIW, I'm struggling to
Hosnieh,
What is it that you don't understand. I will be happy to explain it to you.
Thanks. I read the details, but I'm missing the big picture. I.e., some effort
is required from the owner to create an address. By repeating that effort
(2^59)/2 times, someone else is likely to hit the same
Jari Arkko jari.ar...@piuha.net 写于 2013-03-22 05:55:35:
Hosnieh,
What is it that you don't understand. I will be happy to explain it to
you.
Thanks. I read the details, but I'm missing the big picture. I.e.,
some effort is required from the owner to create an address. By
repeating
, 2013 4:14 AM
To: Hosnieh Rafiee; ipv6@ietf.org; s...@ietf.org
Cc: alexandru.petre...@gmail.com; 'Roque Gagliano (rogaglia)'; 'Erik Nordmark';
'Ray Hunter'; jeanmichel.com...@orange.com
Subject: Re: [saag] security consideration of CGA and SSAS - Ii-D action :
draft-rafiee-6man-ssas
The attack
Nordmark'; 'Ray Hunter'; jeanmichel.com...@orange.com
Subject: Re: [saag] security consideration of CGA and SSAS - Ii-D
action : draft-rafiee-6man-ssas
The attack is *relatively* easier. It is not “easy.” It is much
harder to crack RSA than to find a matching hash. Cracking a 2048
bits RSA
; 'Roque Gagliano (rogaglia)'; 'Erik Nordmark';
'Ray Hunter'; jeanmichel.com...@orange.com
Subject: RE: [saag] security consideration of CGA and SSAS - Ii-D action :
draft-rafiee-6man-ssas
2048 bit RSA security is overstated. Cracking it requires on the order of
2^112 operations. You should look
14 matches
Mail list logo