ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: don´t aynone know anything about Encryption in TSM.

2002-04-04 14:07:35
Subject: Re: don´t aynone know anything about Encryption in TSM.
From: Kyle Sparger <ksparger AT DIALTONEINTERNET DOT NET>
Date: Thu, 4 Apr 2002 14:13:40 -0500 
> (unless they can hack it, but then any encryption scheme is subject to
> hacking).

And this is a very important point.  I could be wrong, but I seem to
recall that TSM's encryption uses straight up DES, which uses a 56 bit
key.

It has been proven that very determined people can brute force 56 bit DES
-- distributed.net, which utilizes idle time of thousands of computers,
was able to do it in less than 24 hours.  There are design specs available
was able to do it in less than 24 hours.  There are design specs available
for theoretical computers which are supposed to be able to brute force 56
bit DES within minutes -- but the cost of these computers is generally
considered prohibitively expensive.  However:

1.  Consider the following -- KaZaa, a fairly popular napster-alike, has
been piggybacking programs for awhile now, one of which is designed to
allow remote users to utilize idle cycles on the computers it's installed
on.  KaZaa is used by thousands of users.  Also, how many thousands of
computers out there have been broken into, or are waiting to be broken
into?  All of these are sources of computing power that could be used to
crack DES keys.

2.  'Prohibitively expensive' is relative.  I've heard estimates that put
the price of building such a computer at a little over $1B USD.  But then,
consider how many billions of dollars countries have spent launching spy
sattelites -- don't you think that they would spend just one more billion
to be able to actually _use_ the encrypted information they intercepted?
:)

And if Moore's Law holds true, I seem to recall estimates that place
56-bit key cracking in under a week at 2020-2030.  Will your data still
need to be secret then? :)

Basically, what I'm saying is, TSM's encryption is better than nothing,
and is suitable for many purposes, but your original statement,

"They have extremly valible data witch may not get in the wrong hands."

... that indicates that this may not be suitable for your case :)

If you _really_ need to make sure people can't get it, you need to use a
lot more than 56 bits.  128 is the bare minimum these days, and even that
is starting to come under fire :)

--
Kyle Sparger
Kyle Sparger
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: TSM/ODBC connection not working..., Coats, Jack
Next by Date:  Re: dsmadmc displaymode, Andrew Raibeck
Previous by Thread:  RE: don´t aynone know anything about Encryption in TSM., Joshua S. Bassi
Next by Thread:  Re: don´t a ynone know anything about Encryption in TSM., Justin Derrick
Indexes:  [Date] [Thread] [Top] [All Lists]