Certicom? [...] [Fwd: NSA Turns To Commercial Software ForEncryption]

Adam L Beberg beberg at mithral.com
Sun Oct 26 14:30:20 PST 2003


On Sunday, October 26, 2003, at 03:56  PM, Gregory Alan Bolcer wrote:

> "Dr. Robert J. Harley" wrote:
>
>> Not a defensible position IMO.  Certicom's patents mostly apply to
>> hardware designs and are work-aroundable, as previously discussed on
>> this list.  Same as patents on most things.  Or you can license them
>> for 2% of revenue (or whatever the going rate is).
>
> FWIW, this is about going rate for RSA too, BTW.

2% is most companies profit margin! And RSA has been free for some time 
now. I'll take profitable RSA for 800 Alex.

> Adam Beberg wrote:
>>> Besides 4K-RSA + AES-256 + SHA-256 are all way way way stronger then 
>>> my
>>> knuckles, which is of course the only brute force method the NSA 
>>> uses.
>
> FWIW also, I thought the whole point of ECC was
> that bit-for-bit it either provided stronger encryption,
> aka less likely to be brute-forced, or the same level
> encryption as other methods, but with less computing power
> which makes it ideal for client PKI and mobile devices.

You only do the RSA once per conversation (or longer if you're tricky), 
which means anything made in the last 10 years is more then fast enough 
and completely unnoticeable in amongst the packet lag of a mobile 
device.

But again, RSA/ECC is not the attack point, the 
keyboard/Outlook/user/OS is. Oh, and of course the New York Times, 
which covers all things top secret :)

- Adam L. Beberg - beberg at mithral.com
   http://www.mithral.com/~beberg/



More information about the FoRK mailing list