Vik Bajaj on Sun, 27 Aug 2000 16:20:20 -0400 (EDT)



Re: [PLUG] PGP ADK Vulnerability.


On Sun, Aug 27, 2000 at 03:04:07PM -0400, Charles Stack wrote:
> What is particularly disturbing to me is that people are calling the
> inclusion of ADKs a design oversight or a bug.  It is neither.  I also find
> it disturbing that NAI already has a solution to the problem (as if they
> knew it would surface sooner or later).

NAI was alerted to the possibility of this problem in 1998.

> I'd still love to know what the terms were regarding the "legalization" of
> PGP in this country.  Obviously, key escrow was one item agreed upon. And,

It's unclear exactly what you mean by legalization, and which versions
of PGP you are talking about.

> RSADSI published a paper regarding an attack against Elliptic Curves (109
> bit) and determined that EC's of the length can be cracked within a year.
> Given that EC's algorithms typically work with keys that are 160 bits in
> length, is this merely an attack on EC to maintain the RSA fiefdom?

For those who do not know, ECC is a PKC scheme that rests upon the difficulty
of solving the elliptic curve discrete logarithm problem:  given P,Q on
curve C parameterized such that a'y^2=a''x^3 + a'''x + a''''b, find
i so that P=iQ, i in I.  In general a'=a''=1.  RSA key sizes are much longer
than ECC sizes for a computationally equivalent solution volume.

A tutorial is at http://www.certicom.com/research.html.

Let me know if there are questions.

-V.
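
Added example, not part of the original message: the P = iQ problem described above, solved on a toy curve with the generic baby-step giant-step method, which needs roughly the square root of the group order in point additions. The curve, the prime 10007, the point Q = (1, 2) and all function names are constructed for illustration.

```python
from math import isqrt

# Constructed toy curve y^2 = x^3 + A*x + B over F_p (the a' = a'' = 1 form).
P_MOD, A, B = 10007, 2, 1      # 10007 is prime; 4*A^3 + 27*B^2 = 59 != 0 mod p
Q = (1, 2)                     # on the curve: 2^2 = 1^3 + 2*1 + 1
INF = None                     # point at infinity, the group identity

def add(p1, p2):
    """Add two curve points (chord-and-tangent rule)."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # p2 == -p1
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        s = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (s * s - x1 - x2) % P_MOD
    return (x3, (s * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Compute k*pt by double-and-add."""
    acc = INF
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def solve_ecdlp(P, Q):
    """Baby-step giant-step: find i with P = i*Q. Returns (i, table + giant steps)."""
    bound = P_MOD + 1 + 2 * isqrt(P_MOD) + 2         # Hasse bound on the group order
    m = isqrt(bound) + 1                             # m*m exceeds any possible order
    baby, pt = {}, INF
    for j in range(m):                               # baby steps: store j*Q for j < m
        baby.setdefault(pt, j)
        pt = add(pt, Q)
    step = mul(m, Q)
    step = INF if step is INF else (step[0], -step[1] % P_MOD)   # -(m*Q)
    cur = P
    for g in range(m):                               # giant steps: cur = P - g*m*Q
        if cur in baby:
            return g * m + baby[cur], m + g
        cur = add(cur, step)
    return None, 2 * m

if __name__ == "__main__":
    P = mul(1234, Q)                                 # constructed "secret" i = 1234
    print(solve_ecdlp(P, Q))                         # about 2*sqrt(p) steps, not p
```

The work doubles for every two bits added to the group size, so the same method on a 160-bit curve needs on the order of 2^80 additions.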





______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug