-----Original Message-----
From: "Major Variola (ret)" <[EMAIL PROTECTED]>
Sent: Jul 30, 2004 10:25 PM
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: Email tapping by ISPs, forwarder addresses, and crypto proxies
> The "profitably" part is a non-issue when you have black budgets,
> ie $400 toilet seats.
This is silly. They have black budgets, but not infinite ones. Given their budget
(whatever it is), they want to buy the most processing bang for their buck. I doubt
they can do that substantially better than anyone else. I'd expect them to be really
clever at finding tricks to optimize keysearch of various kinds, but not to have
better microprocessor technology than the rest of the world.
> Bottom line: they're not ahead in tech, but they can make things that
> private-co engineers only dream of. DesCrack is a suitcase, get it?
So, then they can break 3-key 3DES with moderate numbers of texts as soon as they can
build 2^{56} such suitcases, right? And power them, and get rid of their waste
heat....
> I'll let you speculate on AESCrack :-)
Do the math, and you'll see how implausible 128-bit keysearch is. Maybe there are
better attacks on AES (the algebraic stuff doesn't seem to have gone anywhere, but it
still might), but if keysearch is all we have to worry about, and nontrivial quantum
computers remain impractical to build, then 128-bit keys are as secure as we're ever
likely to need, and 256-bit keys more or less eliminate keysearch of any kind from the
list of things we ever need to worry about again.
--John
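As an added illustration of the "do the math" point (example code, not part of the thread), the Python below scales the suitcase arithmetic to 3-key 3DES and to a 128-bit key and adds the Landauer thermodynamic floor. The "one suitcase exhausts 2^56 keys per day" rate, the 10^18 keys/s machine, and the 112-bit effective cost for 3-key 3DES (the meet-in-the-middle figure the "2^56 suitcases" remark implies) are assumptions made here.

```python
import math

BOLTZMANN_J_PER_K = 1.380649e-23   # Boltzmann constant
ROOM_TEMP_K = 300.0                # room temperature, kelvin
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed assumption: one "DesCrack suitcase" exhausts the 2**56 single-DES
# keyspace in one day. This is an illustrative rate, not a figure from the thread.
SUITCASE_KEYS_PER_DAY = 2**56

# Effective brute-force cost in bits for the ciphers discussed in the thread.
# 3-key 3DES is taken at 112 bits (meet-in-the-middle with a few known texts),
# which is the assumption behind "2^56 suitcases".
EFFECTIVE_BITS = {"DES": 56, "3-key 3DES": 112, "AES-128": 128, "AES-256": 256}


def suitcases_for_one_day(effective_bits):
    """How many suitcases run in parallel for one day to exhaust 2**bits keys."""
    return 2**effective_bits // SUITCASE_KEYS_PER_DAY


def years_at_rate(effective_bits, keys_per_second):
    """Wall-clock years to exhaust 2**bits keys at a given aggregate trial rate."""
    return 2**effective_bits / keys_per_second / SECONDS_PER_YEAR


def landauer_joules(effective_bits, temp_k=ROOM_TEMP_K):
    """Thermodynamic lower bound: one irreversible bit erasure (k*T*ln 2 joules)
    per key trial. Real key trials cost thousands of bit operations, so this
    floor is wildly optimistic for the attacker."""
    return 2**effective_bits * BOLTZMANN_J_PER_K * temp_k * math.log(2)


def keysearch_table(keys_per_second=1e18):
    """Summarise all three measures for each cipher; the 1e18 keys/s machine is
    an assumed exascale-class brute forcer."""
    rows = {}
    for name, bits in EFFECTIVE_BITS.items():
        rows[name] = {
            "suitcases_one_day": suitcases_for_one_day(bits),
            "years_at_rate": years_at_rate(bits, keys_per_second),
            "landauer_joules": landauer_joules(bits),
        }
    return rows


if __name__ == "__main__":
    for name, row in keysearch_table().items():
        print(f"{name:11s} suitcases={row['suitcases_one_day']:.3e} "
              f"years={row['years_at_rate']:.3e} J_min={row['landauer_joules']:.3e}")
```

For 3-key 3DES the table reproduces the 2^56 suitcases of the thread; for a 128-bit key it needs 2^72 of them, or about 10^13 years for the assumed 10^18 keys/s machine.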