Security Basics mailing list archives
Re: IEEE 802.11 security (public key encryption?)
From: "Nick Owen" <nowen () wikidsystems com>
Date: Fri, 25 Jul 2003 09:18:31 -0400
Michael: I agree with the comparison to RSA - and it's tough to be in crypto as a business because of that (esp. now that their patents have expired). However, if I had a choice between asymmetrically encrypted with Ntru and using WEP, I would chose Ntru. For our purposes, we are usually competing against hardware tokens, in particular RSA's SecurID, which uses an unpublished algorithm. In fact, we are usually competing against passwords for remote access, so the comparison should really be between the chances that your password will be broken (high) plus the costs of passwords (not inconsequential) to the chances that someone will break Ntru and use it against you and the cost of replacing Ntru or that someone will break Ntru but not use it against you and the cost of replacing Ntru. If you take the business analysis into the picture, the cryptanalysis changes in importance, IMO. Nick -----Original Message----- From: Michael Wenocur [mailto:michael () ainav com] Sent: Thursday, July 24, 2003 5:27 PM To: Nick Owen Cc: 'N407ER'; security-basics () securityfocus com Subject: Re: IEEE 802.11 security (public key encryption?) Greetings, Although the folks at Ntru are extremely talented, if not bona fide geniuses, their system of public key encryption has not yet received the kind of broad scrutiny needed to justify its deployment. Many excellent cryptographers have introduced systems that were later found to have glaring weaknesses. It is helpful to recall that Rivest, Shamir and Adelman (ie, R, S and A) discovered the RSA system only on their 42nd attempt. The first 41 were breakable. Michael PS Cryptographers propose and cryptanalysts dispose. Nick Owen wrote: Visit http://www.ntru.com/cryptolab/index.htm for detailed info. From their web site: "We describe NTRU, a new public key cryptosystem. NTRU features reasonably short, easily created keys, high speed, and low memory requirements. NTRU encryption and decryption use a mixing system suggested by polynomial algebra combined with a clustering principle based on elementary probability theory. The security of the NTRU cryptosystem comes from the interaction of the polynomial mixing system with the independence of reduction modulo two relatively prime integers p and q." It has been published since 1998. While there is a lot of comfort in RSA in that it's so old the patents have expired, the speed and size trade-offs are certainly worth it (depending on what "it" is, in our case, it is). There was a recent parameter attack published by Ntru where decryption failures (about one in 1 trillion messages could reveal the private key. They have fixed that issue (choose better parameters, essentially). In our system, we could have regenerated private keys easily anyway. I can't tell you anymore than what's on their website. It's hard math, but then all math was hard to me ;). Nick -----Original Message----- From: N407ER [mailto:n407er () myrealbox com] Sent: Wednesday, July 23, 2003 9:45 PM To: Nick Owen Cc: security-basics () securityfocus com Subject: Re: IEEE 802.11 security (public key encryption?) Do you know more about how it works? I'm curious how something which sounds from your description to be really light-weight can be equivalent to RSA. Thanks. Nick Owen wrote: Just one thought: we have used a commercial encryption package from Ntru for asymmetric encryption on wireless devices (we're using it for a two-factor authentication system). It is incredibly fast and incredibly small. The keys are 5k, our entire J2ME package is about 32k. The key strengths are equivalent to 1024 bit RSA. On a J2ME phone, key gen takes about 14 seconds, compared to 14 hours or so for ECC and 2+ days for RSA (had to kill it). We were using the Nextel 1st generation phones as well, the newer ones are faster. On a Blackberry or Palm, you hardly notice the key gen or encryption, in fact, the network lag is the key drag. I know that Ntru did some implementation for a Wi-Fi project. I think that it would be a great solution for asymmetric encryption for Wi-fi, if you had a particular need that warranted it. My assumption is that it was not considered for WEP because it's a commercial product. Nick Owen -- Nick Owen CEO WiKID Systems, Inc. 404-879-5227 nowen () wikidsystems com http://www.wikidsystems.com The End of Passwords --------------------------------------------------------------------------- ---------------------------------------------------------------------------- -- Nick Owen CEO WiKID Systems, Inc. 404-879-5227 nowen () wikidsystems com http://www.wikidsystems.com The End of Passwords -- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: IEEE 802.11 security (public key encryption?) N407ER (Jul 24)
- RE: IEEE 802.11 security (public key encryption?) Nick Owen (Jul 24)
- <Possible follow-ups>
- Re: IEEE 802.11 security (public key encryption?) Nick Owen (Jul 25)