Jack Lloyd [EMAIL PROTECTED] wrote:
Making a cipher that uses an N bit key but is only secure to 2^M
operations with MN is, firstly, considered broken in many circles, as
well as being inefficient (why generate/transmit/store 512 bit keys
when it only provides the security of a ~300 bit
Allen wrote:
Add Moore's Law, a bigger budget and a more efficient machine, how long
before AES-128 can be decoded in less than a day?
It does make one ponder.
Wander over to http://keylength.com/ and poke at their
models. They have 6 or so to choose from, and they have it
coded up in
Hi,
I find it odd that the responses all seem to focus on pure brute
force when I did mention three other factors that might be in
play: a defect in the algorithm much like the attack on MD5 which
reduces it to an effective length of about 80 bits, if I recall
correctly, and/or a different
On Tue, 22 Apr 2008, Leichter, Jerry wrote:
Interestingly, if you add physics to the picture, you can convert
no practical brute force attack into no possible brute force
attack given known physics. Current physical theories all place a
granularity on space and time: There is a smallest unit
Allen [EMAIL PROTECTED] writes:
I find it odd that the responses all seem to focus on pure brute force
when I did mention three other factors that might be in play: a defect
in the algorithm much like the attack on MD5 which reduces it to an
effective length of about 80 bits, if I recall
On Wed, Apr 23, 2008 at 08:20:27AM -0400, Perry E. Metzger wrote:
There are a variety of issues. Smart cards have limited capacity. Many
key agreement protocols yield only limited amounts of key
material. I'll leave it to others to describe why a rational engineer
might use fewer key bits,
On Wed, 23 Apr 2008, Alexander Klimov wrote:
| Date: Wed, 23 Apr 2008 12:53:56 +0300 (IDT)
| From: Alexander Klimov [EMAIL PROTECTED]
| To: Cryptography cryptography@metzdowd.com
| Subject: no possible brute force Was: Cruising the stacks and finding stuff
|
| On Tue, 22 Apr 2008, Leichter
| ...How bad is brute force here for AES? Say you have a chip that can do
| ten billion test keys a second -- far beyond what we can do now. Say
| you have a machine with 10,000 of them in it. That's 10^17 years worth
| of machine time, or about 7 million times the lifetime of the universe
| so
Perry E. Metzger [EMAIL PROTECTED] wrote:
Now, it is entirely possible that someone will come up with a much
smarter attack against AES than brute force. I'm just speaking of how
bad brute force is. The fact that brute force is so bad is why people
go for better attacks, and even the A5/1
On Fri, Apr 18, 2008 at 08:02:28PM -0700, Allen wrote:
Granted A5/1 is known to be very weak, but how much weaker than
AES-128? Ten orders of magnitude? I haven't a clue ...
This is usually the point where I stop reading. Of course 10 orders of
magnitude is ~33 bits, so unless the A5 attacks
Victor Duchovni [EMAIL PROTECTED] writes:
On Fri, Apr 18, 2008 at 08:02:28PM -0700, Allen wrote:
Granted A5/1 is known to be very weak, but how much weaker than
AES-128? Ten orders of magnitude? I haven't a clue ...
This is usually the point where I stop reading. Of course 10 orders of
11 matches
Mail list logo