Subject: Re: 1024 bit key considered insecure (sshd)
To: Perry E. Metzger <perry@piermont.com>
From: Seth Kurtzberg <seth@cql.com>
List: tech-security
Date: 08/29/2002 08:02:23

The other piece of the crypto puzzle that is frequently misunderstood (not 
flames! I'm not saying misunderstood by anyone participating in this 
discussion!) is that data is typically sensitive for a limited period of 
time.  The fact that you could crack a password in a year becomes quite 
irrelevant if the protected data is no longer sensitive after a month.  
Intelligently archiving older data that doesn't need to remain on-line helps 
this situation.

On Thursday 29 August 2002 06:30, Perry E. Metzger wrote:
> "Karsten W. Rohrbach" <karsten@rohrbach.de> writes:
> > Perry E. Metzger(perry@piermont.com)@2002.08.29 02:08:27 +0000:
> > > I do. If someone with millions of dollars to spend on custom designed
> > > hardware wants to break into your computer, I assure you that
> > > increasing the size of your ssh keys will not stop them. Nor, for that
> >
> > you missed the concept behind crypto in general, i think. it's not about
> > stopping someone from accessing private resources, but rather making
> > that approach to make access to these resources /very/ unattractive, by
> > increasing the amount of time (and thus $$$) an attacker has to effort
> > to get access.
>
> I would have thought spending at least hundreds of millions of
> dollars and (as importantly) at least months of time would have been
> considered "unattractive" enough to encourage other methods of getting
> at your data like breaking in to your physical location. Silly me. I
> guess I missed the concept behind crypto.

-- 
-----------------------------------
Seth Kurtzberg
M. I. S. Corp.
1-480-661-1849