"there are two types of encryption in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. this book is about the latter."
-- bruce schneier, applied cryptography: protocols, algorithms, and source code in c. (pgp is also about the latter)

One of the problems with discussing encryption technology is the relative usefulness of terms- the distinction in the literature between 'strong' and 'weak' encryption is an example. Experts frequently debate in terms of 1024-bit, 2048-bit & 4096-bit key-lengths (vs. 56-bit DES today) - although here the assumption is that if a user wants material to be protected now, they will presumably want it protected tomorrow, and twenty years from now. Given the accelerated increase of availability of computer processing power therefore (the argument goes) one must guard not against computers based upon present capabilities, but those of computers for as long as the user wants the material to remain safeguarded. In 1997, Ian Goldberg, a University of Waterloo graduate, while studying at Berkeley, took up a challenge from RSA Data Security (who provide the security software 'engines' for Novell Networked Systems) to take apart their 128-bit protective key. Goldberg got access to Berkeley's considerable networked computing power for a night and 'brute-force' attacked the RSA code. With 250 computers it took just under four hours.

"It is almost universally recognized that 40-bit keys provide virtually no protection against threats today, except against the most casual 'attacker'. Even 56-bit keys, which are used in the 20-year-old Data Encryption Standard, are too short to protect commercial information given a modestly well-funded attack model. Both the Business Software Alliance and the National Research Council study group have noted the vulnerability of these short keys." -Matt Blaze, Cryptography Policy and the Information Economy, AT&T Labs Research, Dec. 27, 1996 - Electronic Freedom Foundation archive : http://www.eff.org

Log in or registerto write something here or to contact authors.