[e-privacy] (no subject)

Nomen Nescio nobody at dizum.com
Wed Feb 27 10:30:22 CET 2002


.....

<#mml type=message/rfc822 disposition=inline>
From: Keith Ray <aphex at nullify.org>
To: mixmaster-devel at lists.sourceforge.net, remops at lexx.shinn.net
Subject: [Mixmaster-devel] Mixmaster v3: A call for action
Date: Tue, 26 Feb 2002 13:08:19 -0600

A potential new development in factoring has called into question the security
of the current Mixmaster v2 protocol.  Daniel Bernstein has outlined the
possibility of building a machine that can factor three times larger primes than
is currently possible with the same cost.  A 512-bit integer was factored in
1999 by Herman te Riele, and if Bernstein's machine is created, a 1536-bit
integer could be factored as easily.  We know that the NSA invests heavily in
not only advances in math, but also hardware.  It would be prudent to assume
that the NSA and other agencies already have discovered Bernstein's advances and
currently have a working machine.

Currently, the Mixmaster v2 protocol uses a hybrid Triple-DES and RSA
cryptosystem.  The RSA keys are a fixed size of 1024 bits.  Using Bernstein's
machine, this could be cracked with the same ease as a 342-bit key today.  The
anonymous remailers are a huge target for TLA and law enforcement snooping, and
clearly, 1024-bit RSA keys are no longer secure against such agencies.  I
therefore propose we expedite the development of the Mixmaster Protocol v3.

I also propose we update the Mixmaster v3 protocol as follows:
1. Use AES-256 [FIPS 197] as the symmetric cipher.
2. Use SHA-512 [Draft FIPS 180-2] as the secure hash.
3. Use 4098-bit RSA, DH, or ElGamal as the default asymmetric cipher with
2048-bit as the minimum key size.

We need to move ahead and make Mixmaster v3 a reality.  We need to update and
finalize the spec, create a roadmap for the development, and gather volunteers
to do the coding.  Security features should be the top priority as time is no
longer on our side.  Moore's law waits for no one.

D. J. Bernstein. Circuits for integer factorization.
http://cr.yp.to/papers/nfscircuit.ps

Mixmaster Protocol v3
http://www.eskimo.com/~rowdenw/crypt/Mix/draft-moeller-v3-01.txt

  -- Nullify Admin

_______________________________________________
Mixmaster-devel mailing list
Mixmaster-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mixmaster-devel

<#/mml>

--
Ciao
leandro
Email: leandro at firenze.linux.it
GPG Key fingerprint = CCF5 27C9 5E73 6DEF 53BD  346F AFA4 F6D2 3938 4158





