[clug] [OT] all text passwords == secure?
Robert Edwards
bob at cs.anu.edu.au
Tue Aug 28 17:52:19 MDT 2012
On 28/08/12 20:37, Martijn van Oosterhout wrote:
> On Tue, Aug 28, 2012 at 07:58:57PM +1000, Paul Wayper wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 28/08/12 12:32, Robert Edwards wrote:
>>>> Also, Paul, are you "blindly" trusting GPG? How do _you_ know that large
>>>> prime numbers really are hard to factor? What if someone did know how
>>>> to do it? Would you necessarily trust them to tell everyone?
>>
>> Yes, I would trust them to tell everyone, because by and large the people
>> working on that maths are security researchers who publish. Although the NSA
>> and other country-level security organisations employ lots of mathematicians,
>> and there's a non-zero chance that one of them could find it and not tell
>> anyone, I doubt it would be discovered for long.
>
> Actually, we know how to factor large prime numbers, it's the composite
> numbers that are tricky. But that's probably what you meant anyway.
Oops - my bad - thanks for picking it up. I should have said "factoring
large numbers whose only factors are large primes".
Cheers,
Bob Edwards.
>
> We also know an algorithm to factor large composites quickly, Shor's
> algorithm: http://en.wikipedia.org/wiki/Shor%27s_algorithm
>
> And we know it has been done for 4 bit numbers, see:
>
> http://hardware.slashdot.org/story/12/08/26/1541256/solid-state-quantum-computer-finds-153x5-48-of-the-time
> http://arxiv.org/pdf/1202.5707v1.pdf
>
> This is using conventional chip-fabrication techniques, so easier to
> scale. If you apply Moore's law to that then your 1024-bit RSA key
> starts looking dodgy in ten years, your 4096-bit key three years later.
> Elliptic curve won't save you. Or as someone asks in one of the
> slashdot comments, if a bunch of researchers can do this now with 4
> bits, what can an organisation with practically unlimited budget and
> interest like the NSA do?
>
> It also breaks your perfect forward secrecy of Diffie-Hellman. So
> anyone recording your SSH sessions now will be able to work out what
> you typed, in ten years time.
>
> May we live in interesting times indeed.
>
> Have a nice day,
>
>
>
More information about the linux
mailing list