On 24/5/09 14:03, Daniel A. Nagy wrote:
Hi,
Ian G wrote:
Nor, has 40 bit secret keys been embarrassed as yet.
That is not true.
Ah, caught by my lack of precise terms. The earlier sentence gave the
clue that I meant by embarrassment: broken and money lost because of it.
Stealing luxury cars with 40-bit ciphers in their RFID keys by
brute-forcing the (cryptographic) key is routine criminal practice.
See also http://en.wikipedia.org/wiki/Motor_vehicle_theft
OK, another great data point. But other than this:
# New keyless ignition/lock cars often share the same 40-bit encryption
method between their "keys" and their computers. Using a RFID
microreader and a laptop, university students have managed to remotely
unlock, start, and drive away in top-of-the-line luxury cars, not
without returning the cars to their rightful owners of course and with
their consent to "steal" it in the first place.[citation needed]
I see no evidence of "routine criminal practice" ... and unlike some, I
explicitly exclude "university students with or without laptop" from the
general class of criminals :)
Don't get me wrong: it is clear that we can crunch RSA in its smallest
number (which is?) and 40 bit encryption. And one day, criminals will.
What is not clear is whether they must be excluded from all possible
endeavours of commerce.
It's that whole pareto thing again. We don't exclude software with bugs
from commerce, nor paper-which-gets-lost, nor people-who-lie, nor all
the other unreliable elements of life. Why are we so obsessed with
impossibility in crypto?
iang