From owner-freebsd-chat Tue Sep 7 10:45:55 1999 Delivered-To: freebsd-chat@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 39F5514E73; Tue, 7 Sep 1999 10:45:54 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 2C4721CD8BE; Tue, 7 Sep 1999 10:45:54 -0700 (PDT) (envelope-from kris@hub.freebsd.org) Date: Tue, 7 Sep 1999 10:45:54 -0700 (PDT) From: Kris Kennaway To: Mark Ovens Cc: freebsd-chat@freebsd.org Subject: Re: (fwd) CNN - Crypto expert: Microsoft products leave door opentoNSA - September 3, 1999 (fwd) In-Reply-To: <19990907182859.A283@marder-1> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 7 Sep 1999, Mark Ovens wrote: > Hasn't the US govt recently been generous and allowed 56-bit > encryption to be exported? ISTR that "export" versions of IE now > have it, or is M$ a special case? This is still almost trivially breakable thesedays - refer EFF's "Deep Crack" hardware. > Anyway, who cares what the US govt thinks, says, or does about > encryption? We all have PGP which is as much as 512 (or is it 1024?) > bit. Asymmetric cryptography like DH/RSA (used in PGP) doesn't directly compare to symmetric cryptography (DES, blowfish, etc) in terms of key bitlengths: a 512-bit asymmetric key is roughly as "strong" as a 56-bit symmetric key (e.g. DES) (give or take an order of magnitude, I don't have figures handy). 1024 is considered to be reasonably secure against attack for the next few years, but if you want to be secure in the longer-term you should be using 2048-bit keys or larger. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message