[FDE] Appropriate key lengths chart

Allen netsecurity at sound-by-design.com
Tue Mar 11 17:58:34 MDT 2008 

Robert Jueneman wrote:

[snip]

> Will they be robust enough for 100+ years?  
> 
> I hope so, because I believe that certain Personally Identifiable
> Information ought to be protected for the duration of a person's life,
> and perhaps even longer in the case of genetic predisposition to certain
> diseases that might be revealed through DNA testing.

Going forward this may well not be long enough. What about birth 
defects that might be inheritable? Then, too, there is the 
situation that as genetic studies become more sophisticated, it 
is not only your own DNA code that need to be protected but that 
of your parents, grandparents and probably, as we live longer, 
even your great-great-grandparents.

If we suppose that the data needs to be protected from birth 
until life closes, the current outlier lifespans are 105 to 110. 
Add to this the generational additions of about 25 years per 
additional generation and you could easily require 200+ years.

The example that sticks in my mind is the study done on the 
genetic inheritance of an amenses trait in a few families done 
about 10-12 years ago. In that study they found that it was 
caused by a zinc loop. To find this out they studied 3, and in 
one case 4, generations of women. The oldest woman in the study, 
if I recall correctly was in her 90s and the youngest in her 
teens. The study took somewhat less than 6 months to complete.

If genetic inheritance can be studied in depth and time with the 
relatively crude tools available then, think what the database 
implications are for the discovery of a "criminal" trait, 
something like Schokley's ideas about race, or the Nazi ideas 
about race "purity" with the tools still in development. While in 
the end wacky science is discarded it often takes many hundred of 
years. Look at the flat-earthers as but one example.

We have seen time and again where rogue, or even sanctioned, 
governmental actions interfere with personal freedoms. We have 
also seen that even though they say such blatantly illegally 
collected data has been "destroyed," some of it resurfaces later 
in other's hands.

It may be a wise move to estimate even longer time frames for 
protection and start the process for AES-2048 now.

Best to all,

Allen

Allen

More information about the FDE mailing list