Quantum Economics

A. Padgett Peterson P.E. Information Security (PADGETT@hobbes.orl.mmc.com)
Fri, 15 Mar 1996 21:00:13 -0500 (EST)

Raph wrote (I think, pretty sure it wasn't Steve):
>I'm not sure I agree that 40-bit encryption is better than no encryption
>at all. There are two ways in which that is not true: the false sense of
>security, and the cost of the encryption, measured in key management
>hassle, significantly degraded performance, etc.

Would like to talk for a minute about "costs". The cost to break 40 bits 
is known: three and a half hours (on the average) with a purpose built
machine. In dollars, the figure $500 has been mentioned. So for any
message worth less than $500, 40 bits is "enough".

Now cost can be calculated in many ways - the risk of a stay in a federal
guest facility seems to weigh heavily on a few. For others it might be a
job, a contract, a spouse, or the trust of friends/peers. With attackers,
the question becomes twofold: is there an easier way and if not, is it
worth the effort?

Bottom line: if you are at risk for 'arf a buck or more, more is better.
If the value is zero, Rot13 should be sufficient to declare an intent
for privacy.

Now if "more" is what you need then 40 bits is really a quite silly
number. Modern personal computers do not operate in multiples of 40,
they operate in multiples of 8, 16, 32, 64, 128 & on. The cycles required
for anything between these quanta are the same as the end point (could make
a case for 48 & 96. Won't).

In the fifties, 80 (and 40) was a quantum. It related to the presets possible
with an 80 column punch card. If you distributed your codes as packs of
punch cards to be used in purpose built machines, these numbers made sense.
Then.

Today, the register in a PC is the universal quantum, hence the multiples
above.

Key management, whatever method used, is a fixed cost. Distributed on CD-ROM
the cost is the same for any sane number (Figure distribution to be
owner/key at a minimum. Say 8 bytes for owner id and 64 for key. 72 bytes.
220,000 keys. 15 Mb. Heck, we do not have to be so stingy with the ID).

So I agree 40 bits is not enough and costs the same (in cycles) as 64. Next
logical jump is 96 unless you have 64 bit registers available in which case
you might as well go straight to 128.

So 40 bits costs the same as 64 (more actually because with 40 you have
to do some trimming of the data to fit) and you get less. Poor marketing.

Of course ITAR is going away, am certain of that. Sooner if Leahy can
pass his bill, later if it has to wait for Mr. Bill to decide the most
votes will be swayed. Just too many people care. Moneyed people looking 
at International Electronic Commerce as a fat cash cow. Major corporations 
looking for secure E-Mail (and who have messages worth more than $500). 

Personal exemptions and SET exclusions have now publicly defanged ITAR,
the fat lady is running out of breath.

Once upon a time IS managers were ignorant enough to think that the
number of bits were meaningless, if the NSA said it was OK then it
must be. Today, they (or their staffs) know the difference between 
56 bit DES and 512 bit RSA and are saying neither is "enough". 

As a consequence, "40 bits" has become a political embarrassment, the
gov could do without and their moneyed supporters are calling for a fix.
ITAR is vagrant and squeaky wheels get greased. By November.

					Warmly,
						Padgett