Cruising the stacks and finding stuff
Sandy Harris
sandyinchina at gmail.com
Mon Apr 21 20:22:48 EDT 2008
Perry E. Metzger <perry at piermont.com> wrote:
> Now, it is entirely possible that someone will come up with a much
> smarter attack against AES than brute force. I'm just speaking of how
> bad brute force is. The fact that brute force is so bad is why people
> go for better attacks, and even the A5/1 attackers do not use brute
> force.
>
> I'd suggest that Allen should be a bit more careful when doing back of
> the envelope calculations...
Another back-of-the-envelope estimate would be to look at the EFF
machine that could brute force s 56-bit DES key in a few days and
cost $200-odd thousand. That was 10 years ago and Moore's Law
applies, so it should be about 100 times faster or cheaper now.
Round numbers are nice. Overestimating the attacker a bit is
better than underestimating. So assume an attacker can brute
force a a 64-bit key (256 times harder than DES) in a second
(a few 100 thousand times faster).
Brute force against a 96-bit key should take 2^32 times as long.
Since pi seconds is a nano-century, that's somewhat over a
century. For a 128-bit key, over 2^32 centuries. If brute force
is the best attack, this is obviously secure.
--
Sandy Harris,
Nanjing, China
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list