[Cryptography] WhatsApp, Curve25519 workspace etc.

Ismail Kizir ikizir at gmail.com
Tue May 3 00:33:00 EDT 2016


>Maybe your line of thinking is that 128 is "only" a bit more than
>twice the size of 56. But that's not the case. You're counting bits

That's the point: I didn't mean that there is any vulnerability in 56-bit
DES encryption.
A supercomputer tries all possibilities and breaks it via brute force
in 399 seconds!

In fact, by concentrating solely on brute-force attack scenarios, you
confirm my concerns:
You speak as if there were no possibility of reducing the workspace, e.g.
via protocol codes, via EXIF data, via mathematical properties, etc.
Especially considering that we're talking about 10-20 years into the future,
in my humble opinion a 128-bit workspace is "highly suspicious".
I also respect your opinion. But that's what I think.

Thank you
Ismail Kizir

On Sun, May 1, 2016 at 2:16 PM, Hanno Böck <hanno at hboeck.de> wrote:
> Hi,
>
> On Sun, 1 May 2016 10:58:59 +0300
> Ismail Kizir <ikizir at gmail.com> wrote:
>
>> I want to state my thought more clearly.
>> Curve25519 has 2^128 workspace for brute force attacks. Correct me if
>> I am wrong please.
>>
>> Also, as far as I remember (I don't remember where I read it), a
>> supercomputer today is able to break 56-bit DES encryption in ~400
>> seconds.
>
> Not sure where you're going with this. 56 bit security is broken, 128
> is not (and most likely never will be).
> Maybe your line of thinking is that 128 is "only" a bit more than
> twice the size of 56. But that's not the case. You're counting bits
> here that exponentially increase the complexity. 128 bit is not (a bit
> more than) twice the security of 56, it's another universe of security.
>
>> Moreover, more important: WhatsApp uses AES 256 in CBC mode, which is
>> excluded from TLS 1.3 draft. And there are some articles about it:
>> http://link.springer.com/chapter/10.1007%2F3-540-45708-9_2
>
> Ok, I must say I was surprised that WhatsApp uses CBC (I had expected
> either GCM or ChaCha20-Poly1305), but there is no risk here either.
> All the weaknesses of CBC don't affect the mode itself, but a bad
> combination of CBC+HMAC. Quickly skimming the WhatsApp whitepaper,
> they use CBC+HMAC with encrypt-then-MAC. That's safe. What's unsafe is
> using it the other way round or some wacky encrypt-and-MAC constructions.
>
>> I want to repeat my question again: Isn't it highly suspicious to take
>> so many risks, instead of simply using a larger key space?
>
> It seems to me that what you classify as "so many risks" are just two
> misunderstandings. Neither the 128 bit security of curve25519 nor cbc
> in encrypt-then-mac mode are a risk.
>
> --
> Hanno Böck
> https://hboeck.de/
>
> mail/jabber: hanno at hboeck.de
> GPG: BBB51E42
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
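Hanno's point about CBC+HMAC being safe only in the encrypt-then-MAC order, as an added Go example (not WhatsApp's or the list's own code): the receiver verifies the HMAC over iv||ciphertext in constant time before any decryption, so padding is never examined on unauthenticated data. The keys and IV are constructed placeholders; a real implementation derives separate keys from the session and uses a fresh random IV per message.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)
// Constructed keys for this example only; a real protocol derives separate encryption and MAC keys.
var encKey = bytes.Repeat([]byte{0x11}, 32) // AES-256
var macKey = bytes.Repeat([]byte{0x22}, 32)
// tagOf computes HMAC-SHA256 over iv||ciphertext, so the IV is authenticated too.
func tagOf(iv, ct []byte) []byte {
	mac := hmac.New(sha256.New, macKey)
	mac.Write(iv)
	mac.Write(ct)
	return mac.Sum(nil)
}
// Seal is encrypt-then-MAC: PKCS#7 pad, AES-256-CBC encrypt, then MAC the result.
// Output layout: iv || ciphertext || tag.
func Seal(iv, plaintext []byte) []byte {
	block, _ := aes.NewCipher(encKey) // key length is fixed at 32 bytes, cannot fail
	n := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return append(append(append([]byte{}, iv...), ct...), tagOf(iv, ct)...)
}
// Open checks the tag in constant time before decrypting: a tampered message is
// rejected with a single "bad mac" error and its padding is never inspected.
func Open(msg []byte) ([]byte, error) {
	if len(msg) < 2*aes.BlockSize+sha256.Size || (len(msg)-sha256.Size)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	tagAt := len(msg) - sha256.Size
	iv, ct, tag := msg[:aes.BlockSize], msg[aes.BlockSize:tagAt], msg[tagAt:]
	if !hmac.Equal(tagOf(iv, ct), tag) {
		return nil, errors.New("bad mac")
	}
	block, _ := aes.NewCipher(encKey)
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-n], nil
}
```

The padding branch in Open is only reachable for messages the sender actually produced, which is exactly what makes this ordering safe where MAC-then-encrypt is not.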

