Subject: | |
From: | |
Reply To: | |
Date: | Mon, 20 Sep 1999 14:32:22 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Chris Bartram writes:
>Why not get both? DES/triple-DES are (with sufficient keysizes) VERY tough
>ciphers,
56-bit DES encryption has been broken with brute force in hours using
non-classified special purpose equipment. It's a reasonable guess that
DES is an open book to NSA and other agencies with similar computing
power available. Worse, communication between an HP3000 and a terminal is
highly stylized ("HELLO ...", "RUN ...."), making attacks that much
easier. It's likely that general-purpose equipment two years from now
will be able to achieve solutions in hours or days, and unless passwords
are changed on cycles shorter than the average solution time, cracking a
single key is all that's necessary to obtain system access.
It's worth looking at GnuPG (<http://www.gnupg.org>) to see if that can
be made to work.
-- Bruce
--------------------------------------------------------------------------
Bruce Toback Tel: (602) 996-8601| My candle burns at both ends;
OPT, Inc. (800) 858-4507| It will not last the night;
11801 N. Tatum Blvd. Ste. 142 | But ah, my foes, and oh, my friends -
Phoenix AZ 85028 | It gives a lovely light.
btoback AT optc.com | -- Edna St. Vincent Millay
Mail sent to [log in to unmask] will be inspected for a
fee of US$250. Mailing to said address constitutes agreement to
pay, including collection costs.
|
|
|