Re: Is 80 bits enough? [Re: Advantages and disadvantages of using CB64 type of identifiers]

[marcelo bagnulo braun <mbagnulo@ing.uc3m.es>]

El 05/07/2004, a las 8:14, Christian Huitema escribió:

> > > Everybody should be convinced that, when it comes to cryptography,
> 2^64
> > > is actually a small number. SEND alleviates this risk by
> > > cryptographically link a public key to the entire 128 bits of the
> > > address. This is NOT overkill.
> >
> > But is 2^80 big enough? Omitting the /48 prefix from the crypto would
> > avoid the hash changing when rehoming to a different prefix.
>
> Not really. The 16 bit subnet identifier is not very random in 
> practice.
> In many cases, the value is 0 or 1, and you get only 1 additional bit,
> not 16...

Well, i guess this would be the site's responsability to use more 
creative subnet prefixes, especially if this provides an additional 
protection to some attacks

Bottom line is that with Brian's suggestion the data base will have to 
consider 2^80 different ids, which imho is a clear improvement to the 
protection from dictionary attacks.

regards, marcelo

> -- Christian Huitema