high-grade vs low-grade encryption with MD5 and DES

high-grade vs low-grade encryption with MD5 and DES

on 10.08.2003 08:25:26 by Arthur Chan

Hi all.

Verisign currently has a discount on both a high-grade (128-bit) SSL encrypted certificate and a low-grade (40-bit) SSL encrypted certificate. The former is priced at US$895 and the latter at US$1395.

I noticed some sites also present Verisign certificates with low-grade, 54-bit encryption from their Microsoft/IIS servers. However, I cannot find a 54-bit certificate at www.verisign.com/products/site/commerce/index.html

Is this 54-bit affair only for Microsoft/IIS???
Is low-grade encryption with 40 and 54 bits considered "compromised"???
Are there any finance/insurance industry standards requiring 128-bit, high-grade encryption???

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: high-grade vs low-grade encryption with MD5 and DES

on 10.08.2003 12:38:51 by Arthur Chan

This is really symptomatic of our industry, isn't it? We seem to be our own worst enemy.
Back in '95, it took that French student days to crack the 40-bit codes. Now we are talking about minutes... it's disheartening. Merde. I really wonder how some of those MS sites survive these days...

----- Original Message -----
From: "Dave Paris"
To:
Sent: Monday, August 11, 2003 06:16 PM
Subject: Re: high-grade vs low-grade encryption with MD5 and DES

Re: high-grade vs low-grade encryption with MD5 and DES

on 10.08.2003 13:52:09 by Arthur Chan

Practicality: do not use a 4096-bit server-side private key. No, not even 2048.
Key sizes larger than 1024 are not supported by those bollocky client browsers. Netscape and MSIE4 come to mind.
Regards,
Arthur Chan

----- Original Message -----
From: "Dave Paris"
To:
Sent: Monday, August 11, 2003 07:34 PM
Subject: RE: high-grade vs low-grade encryption with MD5 and DES

Re: high-grade vs low-grade encryption with MD5 and DES

on 11.08.2003 12:16:49 by Dave Paris

"compromised" is probably a poor word to use; "pointlessly weak" is more accurate. If you're going to use SSL and you're dealing with data that needs to be protected longer than 5 minutes, use 128-bit SSL.

-dsp

On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote:

RE: high-grade vs low-grade encryption with MD5 and DES

on 11.08.2003 13:34:29 by Dave Paris

The "5 minutes" I mentioned doesn't implicitly refer to the amount of time needed to crack the ciphertext, but more to the type of data and the amount of time it needs to be protected.

A couple of examples:

Example 1:
A password which will only work for the next ten minutes only needs to be protected by encryption capable of rendering the text sufficiently scrambled for that 10-minute duration. This might mean it would take an attacker 1 minute to obtain the ciphertext and get it into a state where it can be cryptanalyzed, and four or five minutes to determine the cipher used. Then the attacker is left with only 3 or 4 minutes to break the cipher if they need one minute to actually use the password. So, how strong do you need encryption in this case? Only long enough to hold out against a 3 to 4 minute attack.

Example 2:
A "sealed" court case which is mandated to be sealed for 20 years needs to be protected by a cipher capable of using a large enough keyspace to keep a sustained attack against the data at bay for those 20 years.

Herein lies the challenge in the practical utilization of cryptography... how do we know what will protect data for 20 years? We don't. So we make educated guesses. We make compromises. We use "best-available". In the example of the password above, 56-bit DES would be a reasonable choice. It's fast, but weak - yet strong enough to keep that password encrypted for the two or three - heck, six - minutes it would be attacked. (This is not to say that one should use the weakest available cipher for any given problem set! 3DES, AES, or Blowfish would be a much better choice in any case.) In the example of the sealed court records, we're not worried about transaction speed or decryption speed, so an asymmetric cipher capable of utilizing a 4096-bit (or larger!) private key is much more appropriate.

Kind Regards,
-dsp


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Arthur Chan
Sent: Sunday, August 10, 2003 6:39 AM
To: modssl-users@modssl.org
Subject: Re: high-grade vs low-grade encryption with MD5 and DES
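A worked version of Dave's two cases (the ten-minute password and the twenty-year sealed record), added here as an example; it is not code from the mod_ssl list or from any of the posters. It models only the exhaustive search of a symmetric key that the 40/56/128-bit figures in the thread refer to, and the attacker rate (`ASSUMED_RATE`), its doubling period (`ASSUMED_DOUBLING_YEARS`) and the safety factor are constructed assumptions; RSA key sizes (1024/2048/4096) are attacked by factoring and are outside this model.

```python
"""Key length versus required protection lifetime (added example, not list code).

Models an exhaustive (brute-force) search of a symmetric key, the attack the
40-bit / 56-bit / 128-bit SSL figures in the thread refer to, and checks whether
a key size holds out for as long as the data must stay secret: the ten-minute
password and the twenty-year sealed record.  Attacker speed, its doubling period
and the safety factor are constructed assumptions.  RSA key sizes (1024/2048/4096)
fall to factoring rather than exhaustive search, so they are outside this model.
"""
import math

SECONDS_PER_YEAR = 365.25 * 86400

# Assumed attacker: 1e10 trial decryptions per second today, hardware doubling
# in speed every 18 months.  Replace with figures from your own threat model.
ASSUMED_RATE = 1e10
ASSUMED_DOUBLING_YEARS = 1.5


def expected_trials(bits):
    """A brute-force search succeeds after trying, on average, half of the
    2**bits possible keys."""
    return 0.5 * (2.0 ** bits)


def seconds_to_break(bits, rate=ASSUMED_RATE, doubling_years=None):
    """Expected seconds until an exhaustive search of a `bits`-bit key succeeds.

    Constant rate: trials / rate.  If the attacker's speed grows as
    rate * 2**(t / d) with doubling period d, the keys tried by time T are
        rate * d / ln2 * (2**(T / d) - 1)
    and solving for T gives the closed form used below.
    """
    trials = expected_trials(bits)
    if doubling_years is None:
        return trials / rate
    d = doubling_years * SECONDS_PER_YEAR
    return d * math.log2(1.0 + trials * math.log(2) / (rate * d))


def holds_out(bits, required_seconds, rate=ASSUMED_RATE, doubling_years=None,
              safety_factor=2.0):
    """True if the expected break time exceeds the required lifetime by at
    least safety_factor, a hedge for "we make educated guesses": the real
    attacker may be faster than assumed."""
    return seconds_to_break(bits, rate, doubling_years) >= safety_factor * required_seconds


def evaluate(scenarios, key_sizes=(40, 56, 128)):
    """Map (scenario name, bits) -> (expected break seconds, holds out?)."""
    results = {}
    for name, required_seconds, doubling_years in scenarios:
        for bits in key_sizes:
            t = seconds_to_break(bits, ASSUMED_RATE, doubling_years)
            ok = holds_out(bits, required_seconds, ASSUMED_RATE, doubling_years)
            results[(name, bits)] = (t, ok)
    return results


# The two cases from the thread.  Hardware growth is irrelevant over ten
# minutes, so the password case uses a constant rate; over twenty years the
# attacker is allowed to keep getting faster.
THREAD_SCENARIOS = (
    ("10-minute password", 10 * 60, None),
    ("20-year sealed record", 20 * SECONDS_PER_YEAR, ASSUMED_DOUBLING_YEARS),
)


def human(seconds):
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for (name, bits), (t, ok) in evaluate(THREAD_SCENARIOS).items():
        verdict = "holds out" if ok else "TOO WEAK for this lifetime"
        print(f"{name:22s} {bits:3d}-bit key: expected break ~{human(t)} -> {verdict}")
```

Under these assumptions 40-bit fails even the ten-minute case, 56-bit DES covers the password but not the sealed record, and 128-bit survives the twenty years with room to spare; change the constants to see how quickly the margin shrinks.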

Re: high-grade vs low-grade encryption with MD5 and DES

on 11.08.2003 14:39:24 by Kiyoshi Watanabe

Hi, I have never seen 4096-bit keys used in SSL transactions. I once saw the key in the root CA of the national PKI initiative in one country, under very restrictive usage with a customized application.

I am just wondering if the market is moving to use such longer keys.

-Kiyoshi
Kiyoshi Watanabe


RE: high-grade vs low-grade encryption with MD5 and DES

on 11.08.2003 14:58:22 by Dave Paris

I wasn't [specifically] referring to SSL. In fact, the mere premise of passing data designated as "must be protected" for a 20-year timeframe over 128-bit SSL (with a 1024-bit client key) frightens me to the core. (If the encryption of this data was protecting *you* from [we'll go on a limb here and be dramatic] a crime organization with tens of millions of dollars to devote to discovering who turned them in to the Feds, would *you* want it sent over a 1024-bit SSL link?!)

*THIS* is what's really wrong with the industry - we have people using technology in inappropriate situations. Too many who DO understand how to use it appropriately, with the responsibilities, restrictions, and caveats that come with that understanding, are either unable or unwilling to convince those in the position of "final decision maker" of just how WRONG certain applications/implementations actually are.

Bottom line, if the available protocols & application cannot support the data protection requirements - DO NOT send the data over that link.

For a baseline dissertation on key lengths for symmetric and asymmetric ciphers, please see:
http://www.giac.org/practical/gsec/Lorraine_Williams_GSEC.pdf

Additionally, RSA currently recommends 2048-bit keys for "extremely valuable keys". My gut says that knowing about devices like TWIRL, et al. makes 2048-bit keys risky for long-term protection, because God only knows what devices we *don't* know about.

-dsp

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Arthur Chan
Sent: Sunday, August 10, 2003 7:52 AM
To: modssl-users@modssl.org
Subject: Re: high-grade vs low-grade encryption with MD5 and DES


Re: high-grade vs low-grade encryption with MD5 and DES

on 12.08.2003 03:14:03 by Arthur Chan

Hi Yoshi.
I have been looking around and haven't seen 4096 in use either. I think most companies have settled for the standard by default, i.e. 1024/128, and it would be a lot of work to change that. What do they do under those circumstances? Revoke the old certificate and issue a new one? You can do your own survey: simply throw up the log-on screen for the major banks (and second-tier ones), then look at their certificates. They all have 1024/128. I can't see a long life for 1024/128, maybe a few more years. Something is bound to happen.
Also, I doubt whether it is practical, seeing how some (slightly) older browsers cannot handle that.
Arthur
----- Original Message -----
From: "Kiyoshi Watanabe"
To: ;
Cc:
Sent: Monday, August 11, 2003 08:39 PM
Subject: Re: high-grade vs low-grade encryption with MD5 and DES