[Cryptography] Dumb question -> 3AES?

Michael Kjörling michael at kjorling.se
Tue Aug 12 04:50:48 EDT 2014


On 11 Aug 2014 16:50 -0400, from danmcd at kebe.com (Dan McDonald):
> I'm less worried about the AES algorithm being broken (and yes, I understand
> about 3des's effective key strength) as I am against Moore's law

If that's your worry, then I'd say don't worry.

Copying Bruce Schneier [1]:

> Now, the annual energy output of our sun is about 1.21×10^41 ergs.
> This is enough to power about 2.7×10^56 single bit changes on our
> ideal computer; enough state changes to put a 187-bit counter
> through all its values. **If we built a Dyson sphere around the sun
> and captured all its energy for 32 years, without any loss, we could
> power a computer to count up to 2^192. Of course, it wouldn't have
> the energy left over to perform any useful calculations with this
> counter.**
> 
> But that's just one star, and a measly one at that. A typical
> supernova releases something like 10^51 ergs. (About a hundred times
> as much energy would be released in the form of neutrinos, but let
> them go for now.) If all of this energy could be channeled into a
> single orgy of computation, **a 219-bit counter could be cycled
> through all of its states.**
> 
> These numbers have nothing to do with the technology of the devices;
> they are the maximums that thermodynamics will allow. And they
> strongly imply that brute-force attacks against 256-bit keys will be
> infeasible until computers are built from something other than
> matter and occupy something other than space.

Even if the numbers he cites are off by something like _ten orders of
magnitude_, it doesn't matter. Brute force cracking of a 256-bit key
just isn't practical, and likely never will be practical, for reasons
of physics. The only way breaking a 256-bit key length cryptosystem
will ever be practical is if it provides _far_ less than par security
per bit of key material used, and the most obvious way to end up with
that is that it's storing something that allows deducing the key, or
the key is generated in a very un-random fashion (in which cases you'd
very likely be just as hosed using 3AES256).

Anyone targeting a cryptosystem that uses 256-bit keys will
_certainly_ choose some attack vector other than trying a brute force
search for the key. Hiring a few dozen thugs would be almost
infinitely cheaper, and vastly more likely to yield the desired
results (gaining access to the plaintext within a reasonable timeframe).

[1] https://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)
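The energy arithmetic in the quoted Schneier passage, carried through as an added worked example (this is not code from Michael's post, nor from Schneier's original). It assumes the per-bit energy figure of 4.4×10^-16 ergs that Schneier uses in Applied Cryptography for an ideal computer running at 3.2 K; with that constant the Sun figures (187 bits, and 192 bits for 32 years) come out exactly as quoted, while the supernova figure lands at 220 bits rather than the quoted 219, which is the kind of rounding slack the "off by ten orders of magnitude" remark is about. The last helper quantifies that remark: an error of 10^k in the energy estimate only moves the bound by k·log2(10) ≈ 3.3k bits.

```python
"""Thermodynamic bound on brute-force key search (Landauer-style counting).

Added example illustrating the quoted passage; the energy budgets are the
ones given in the text, the per-bit cost is an assumed constant (Schneier's
4.4e-16 ergs at 3.2 K). Counting one bit flip per candidate key is a lower
bound that is absurdly generous to the attacker: a real AES key trial costs
thousands of gate operations, so the true energy cost is far higher.
"""
import math

# Assumed: minimum energy for one bit state change on an ideal computer
# at ~3.2 K, in ergs (the constant Schneier's derivation uses).
ERGS_PER_BIT_OP = 4.4e-16

# Energy budgets from the quoted text, in ergs.
SUN_ANNUAL_ERGS = 1.21e41     # annual energy output of the Sun
SUPERNOVA_ERGS = 1e51         # typical supernova (neutrinos excluded)


def bit_ops(energy_ergs: float) -> float:
    """Number of single-bit state changes the given energy budget can power."""
    return energy_ergs / ERGS_PER_BIT_OP


def counter_bits(energy_ergs: float) -> int:
    """Largest n such that an n-bit counter can be run through all 2**n values.

    Each increment is charged as one bit operation (again, generous)."""
    return math.floor(math.log2(bit_ops(energy_ergs)))


def ergs_to_exhaust(key_bits: int) -> float:
    """Minimum energy to make 2**key_bits state changes (one per key tried)."""
    return (2 ** key_bits) * ERGS_PER_BIT_OP


def supernovae_to_exhaust(key_bits: int) -> float:
    """How many supernovae's worth of energy a full key-space sweep needs."""
    return ergs_to_exhaust(key_bits) / SUPERNOVA_ERGS


def bits_gained_from_error(orders_of_magnitude: float) -> float:
    """Extra counter bits bought by an energy estimate that is off by 10**k.

    log2(10**k) = k * log2(10), so ten orders of magnitude is only ~33 bits."""
    return orders_of_magnitude * math.log2(10)


if __name__ == "__main__":
    print(f"Sun, one year      : {counter_bits(SUN_ANNUAL_ERGS)}-bit counter")
    print(f"Sun, 32 years      : {counter_bits(32 * SUN_ANNUAL_ERGS)}-bit counter")
    print(f"One supernova      : {counter_bits(SUPERNOVA_ERGS)}-bit counter")
    print(f"10^10 supernovae   : {counter_bits(1e10 * SUPERNOVA_ERGS)}-bit counter")
    print(f"Error of 10^10     : +{bits_gained_from_error(10):.1f} bits")
    print(f"Exhausting 256 bits: {supernovae_to_exhaust(256):.2e} supernovae")
```

Running it shows why the key length itself is not the weak point: even ten billion supernovae channelled into an ideal computer stop short of a 256-bit counter, and a full 2^256 sweep needs on the order of 5×10^10 supernovae before you account for the real cost of an AES trial. Any practical attack on a 256-bit system therefore has to come from somewhere else: key generation, key storage, implementation, or the people holding the key.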