LinuxSA Mailing list archives
Index:
[thread]
[date]
[subject]
[author]
From: Mark Newton <newton@atdot.dotat.org>
To : behoffski <behoffski@grouse.com.au>
Date: Tue, 14 Sep 1999 22:38:00 +0930 (CST)
Re: Encryption (was Re: Linux Console Security)
behoffski wrote:
> Note that the level of encryption needed to keep people out
> is increasing all the time, as decryption machines become
> cheaper and people discover new attacks. NIST is working
> through a process of selecting a new crypto scheme at the
> moment, called AES (Advanced Encryption Standard). Many of
> these encryption schemes have 256-bit keys.
The days of the inadequacy of 256-bit keys for long-term protection
of data are fast approaching. If NIST is pushing 256-bit keys, you
can bet your bottom dollar that that means the NSA is capable of
cracking 256-bit crypto in a reasonably short amount of time. :-)
The strength of crypto that should be used is a function of the
value of the data you're protecting and the length of time you need
to protect it for. If you need to keep a contract worth $100,000
secret for a 14-day cooling-off period, don't use an algorithm that
can be cracked in 13 days by a machine that costs $99,999. As the
critical length of time increases, the cost of a machine which will
break the key within that time decreases, and vice-versa. For
reference purposes, the DES cracker built by EFF, "Deep Crack," can
be built for under US$100,000, and can crack a 56 bit DES key in a few
hours.
Are there any rich bastards reading this list? :-)
> The days of 56-bit DES are long gone, if you're serious about
> keeping data hidden.
Absolutely -- passwords included.
- mark
--------------------------------------------------------------------
I tried an internal modem, newton@atdot.dotat.org
but it hurt when I walked. Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----
--
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
Index:
[thread]
[date]
[subject]
[author]
Return to the LinuxSA Mailing List Information Page