Linux crypto killer apllication

[Robert J. Hansen]

Faramir wrote:
> I remember some well known figure died, and left some information to
> be disclosed a lot of years latter... I am not sure, but I think she
> was Jacqueline Kennedy... and it was enough time to be sure her sons 
> would be dead by that time.

Some of Mark Twain's writings are not to be released until 2010.
[shrugs]  The presence of outliers proves nothing other than there are
outliers.  The general point I'm making remains: I consider it an
unproven, unfounded, and overly broad assertion that most people have
secrets they want kept for the duration of their lives.

> I don't get if you are saying Ron Rivest was optimistic, or if you 
> are saying it would take less time than he calculated...

Both.  By Rivest's original figuring, RSA512 would remain secure for
millions upon millions of years.

Rivest was optimistic, and it took far less time than he had calculated.
 If in the 1970s you had used Rivest's 100-year figures, you'd be using
RSA512 today.

This is Ron Rivest we're talking about here -- one of the brightest
lights in modern crypto.[*]  If Ron's predictions have a track record of
failure, and so does everyone else's, then why are we taking the "16kbit
for a century" predictions seriously?


[*] Also a fine gentleman, with a sense of humor that's positively
elfin.  I suspect he would much rather be known for that than for being
"the big brain on crypto".  :)

>> My cellphone is a modern computer, and it disagrees with you.  I 
>> imagine the time to verify would be measured in minutes, not 
>> instants.
> 
> Come on, there is a big difference between a cellphone and a desktop
>  computer, even if they were made the same year...

Apparently you haven't used an iPhone.  The iPhone supports IMAP, and a
lot of computer geeks I know have their iPhone set up to monitor their
inbox.  It's an awful platform to write emails from, but it's very
useful for mobile work.  Porting GnuPG to the iPhone would be fairly
straightforward -- writing a GnuPG plugin for the iPhone's mail client
would probably not be too hard -- but waiting five minutes for the
iPhone to number-crunch a 16kbit key would be excessive.

Mobile is where things are at nowadays.  A good cell phone is a
surprisingly powerful computer, comparable to a desktop of a decade ago.
It has great connectivity and you can easily get tens of gigabytes of
storage attached.

Don't be fooled by the small displays and awkward user interfaces.

> I figure when they intend to protect something for 100 years, they 
> would encrypt the file and store it somewhere... and if it is so 
> valuable, probably it should be in a place safer than a computer...

Ask yourself this question: "why, then, is the original poster
recommending the use of RSA, when all that's needed is symmetric crypto?"

> By the way, it would be easier to steal the protected file, and steal
> the key...

As I have said several times, the strongest cipher in the world is no
match for a lonely embassy cipher clerk and a thousand dollar a night
hooker armed with a bottle of eighteen year old Scotch.

The English idiom for trustworthy information, "straight from the
horse's mouth", was originally "straight from the whore's mouth", and
dates from the era where the best military intelligence was collected by
talking to the prostitutes a commander visited.  I've found references
to this sort of intelligence gathering going back all the way to
Hannibal Barca and the Battle of Cannae.  It's effective, reliable and
cheap.

The NSA spent billions developing new ciphersystems.  The KGB just went
after the cipher clerks.

These sorts of attacks tend to be dramatically effective against
cryptosystems.  Human failings are endemic to the system.

The more we focus on adding another few bits to our keys, the less we
focus on the human factor.  That's where your attention needs to go when
it comes to long-term security.  People talk.  They always do.