Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!unido!opal!tmpmbx!scuzzy!src
From: src@scuzzy.in-berlin.de (Heiko Blume)
Newsgroups: comp.unix.internals
Subject: Re: DES export regulations. And what to do about it!
Message-ID: <1991Jan04.022637.12550@scuzzy.in-berlin.de>
Date: 4 Jan 91 02:26:37 GMT
References: <18874@rpp386.cactus.org> <1548@inews.intel.com> <1991Jan02.202703.8608@decuac.dec.com> <1562@inews.intel.com>
Organization: Contributed Software
Lines: 26

bhoughto@pima.intel.com (Blair P. Houghton) writes:
>Ob. internals:
>Yes, RSA is more nasty than DES, but DES is still virtually
>infallible.

since it has not been proven, that there isn't a much faster
algorithm than the published one, it's quite possible that
the NSA has added some bogus stuff to the algorithm. that way
they can break crypted data easily while the others have a
hard time with the slower algorithm. also, why do you think
did they shorten the key from 128 to 56 bits in the first place?

  How much "harder" is it to crack an RSA'ed password than
>a DES'ed one?

potentially very much, since you can make your keys (passwords) longer
when the crackers' machines speed catches up. how about a key with
1000 *digits* compared to 56 *bits* ?!

besides, DES still has the problem of how to securely exchange the password
and the authentification lack.
-- 
      Heiko Blume <-+-> src@scuzzy.in-berlin.de <-+-> (+49 30) 691 88 93
                    public source archive [HST V.42bis]:
        scuzzy Any ACU,f 38400 6919520 gin:--gin: nuucp sword: nuucp
                     uucp scuzzy!/src/README /your/home