[121362] in cryptography@c2.net mail archive
Re: Cruising the stacks and finding stuff
daemon@ATHENA.MIT.EDU (Sandy Harris)
Tue Apr 22 14:05:02 2008
Date: Tue, 22 Apr 2008 08:22:48 +0800
From: "Sandy Harris" <sandyinchina@gmail.com>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <87k5irw09y.fsf@snark.cb.piermont.com>
Perry E. Metzger <perry@piermont.com> wrote:
> Now, it is entirely possible that someone will come up with a much
> smarter attack against AES than brute force. I'm just speaking of how
> bad brute force is. The fact that brute force is so bad is why people
> go for better attacks, and even the A5/1 attackers do not use brute
> force.
>
> I'd suggest that Allen should be a bit more careful when doing back of
> the envelope calculations...
Another back-of-the-envelope estimate would be to look at the EFF
machine that could brute force s 56-bit DES key in a few days and
cost $200-odd thousand. That was 10 years ago and Moore's Law
applies, so it should be about 100 times faster or cheaper now.
Round numbers are nice. Overestimating the attacker a bit is
better than underestimating. So assume an attacker can brute
force a a 64-bit key (256 times harder than DES) in a second
(a few 100 thousand times faster).
Brute force against a 96-bit key should take 2^32 times as long.
Since pi seconds is a nano-century, that's somewhat over a
century. For a 128-bit key, over 2^32 centuries. If brute force
is the best attack, this is obviously secure.
--
Sandy Harris,
Nanjing, China
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
