[tahoe-dev] 100-year cryptography
Chris Palmer
chris at noncombatant.org
Tue Mar 9 13:43:53 PST 2010
I sent this to Zooko privately, regarding his "100-year cryptography" blog
post:
http://testgrid.allmydata.org:3567/uri/URI:DIR2-RO:j74uhg25nwdpjpacl6rkat2yhm:kav7ijeft5h7r7rxdp5bgtlt3viv32yabqajkrdykozia5544jqa/wiki.html#[[can%20we%20build%20a%20crypto%20system%20to%20last%20for%20a%20hundred%20years%3F]]
He asked if I would like to have the dialog in public, so here goes!
----- Forwarded message from Chris Palmer <chris at noncombatant.org> -----
From: Chris Palmer <chris at noncombatant.org>
To: zooko at zooko.com
Date: Sat, 6 Mar 2010 16:53:36 -0800
Subject: 100-year cryptography
Although SHA-512 is two orders of magnitude slower/more power-hungry on ARM
than SHA-256, that is *now*. In 5 or 10 years, we are likely to have faster
machines, machines with larger word sizes (even small/low-power machines),
and/or better power supplies/batteries. In 5 or 10 years, we will be glad we
used unnecessarily strong functions 5 or 10 years ago. For long-lived data
at rest, skimping on security for performance is just a bad trade --- even
though, yes, I fully agree that the performance concerns are real and
critical.
I feel certain that K = 128 is good, and pretty sure that SHA-512's K will
be gnawed down to 128 or lower in the medium-term.
By then, of course, we will have migrated to SHA-3, which will be faster and
maybe even safer. If only we had SHA-3 now...
----- End forwarded message -----
More information about the tahoe-dev
mailing list