Re: [gentoo-user] My last words on cryptology and cryptography.
Steven Lembark [EMAIL PROTECTED] at Thursday 26 June 2008, 23:52:17 I submit that brute forcing an AES key of reasonably length is currently impossible in an amount of time that would matter to the human race. On average yes. As already pointed out, however, there is nothing to prevent the first guess from matching a key and cracking one particular example of the cipher in 0.0001 seconds. A probability of something like 1 / 5 to die in a car accident does not one prevent from driving a car. But a probability of 1 / (2^256) of finding the first key right away at the first guess is easily held up against key security of AES ... now that's a very strange mismatch. Apparently you consider the security of your life much, much less worth than security of your encrypted hard disk ... -- Freedom is always the freedom of dissenters. (Rosa Luxemburg) signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] My last words on cryptology and cryptography.
On Thursday 26 June 2008, Chris Walters wrote: Sebastian Wiesner wrote: | I don't and I did not say so, things like the Debian disaster bring | you back to reality from dreams ... This is the favoured method of cracking encryption - misuse by the user. The canonical example is of course Enigma and the stupid mistake that let the Allies crack it. This is entirely analogous to the Debian fiasco. With desktop computing power and speed growing at the rate that it currently is, does it stretch the imagination so much that supercomputer power and speed is also growing at a similar rate. Even if an AES256 key cannot be broken in a million years by one supercomputer (*I* would like to see a citation for that), there will soon be a time when it will be able to be cracked in a much shorter time - with one supercomputer. No-one has ever seriously said that it will take X time to crack a key. The possibility exists that the first key randomly selected in a brute force attack will match which gives you a time to crack in the millisecond range. The calculation is quite simple - measure how quickly a specific computer can match keys. Divide this into the size of the keyspace. The average time to brute force a key is half that value. AFAIK this still averages out at enormous numbers of years, even at insane calculation rates like what RoadRunner can achieve. All this presupposes that the algorithm in question has no known cryptographic weaknesses so brute force is the only feasible method of attack currently. -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] My last words on cryptology and cryptography.
Alan McKinnon wrote: The calculation is quite simple - measure how quickly a specific computer can match keys. Divide this into the size of the keyspace. The average time to brute force a key is half that value. AFAIK this still averages out at enormous numbers of years, even at insane calculation rates like what RoadRunner can achieve. 256 bit keys. The 115792089237316195423570985008687907853269984665640564039457584007913129639936 keys are quite a lot to check (although, if all the atoms in the universe [estimated 10^78] were to test 1 key/sec, it'd only take about 0.1157920892 seconds). However.. 512 bit keys with all the atoms testing a trillion keys/second would take about (2^512)/(10^78)/60/60/24/(36525/100)/(10^12) or 4.2486779507765473608e56 years.. I submit that brute forcing an AES key of reasonably length is currently impossible in an amount of time that would matter to the human race. kashani -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] My last words on cryptology and cryptography.
Alan McKinnon [EMAIL PROTECTED] at Thursday 26 June 2008, 10:54:43 The calculation is quite simple - measure how quickly a specific computer can match keys. Divide this into the size of the keyspace. The average time to brute force a key is half that value. AFAIK this still averages out at enormous numbers of years, even at insane calculation rates like what RoadRunner can achieve. According to Wikipedia RoadRunner is designed for 1.7 petaflops in peak. Assuming for the sake of simplicity, that decryption can be performed within a single flop: (2^256) / (1.7 * 10^15) / 2 ~= 3.5 * 10^61 In years: 3.5 * 10^61 / 3600 / 24 / 356 ~= 10^54 Correct me if I'm wrong, but it seems impossible to me, to reduce this get the required amount somewhere near to the life time of a human being ;) -- Freedom is always the freedom of dissenters. (Rosa Luxemburg) signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] My last words on cryptology and cryptography.
On Thursday 26 June 2008, Sebastian Wiesner wrote: Alan McKinnon [EMAIL PROTECTED] at Thursday 26 June 2008, 10:54:43 The calculation is quite simple - measure how quickly a specific computer can match keys. Divide this into the size of the keyspace. The average time to brute force a key is half that value. AFAIK this still averages out at enormous numbers of years, even at insane calculation rates like what RoadRunner can achieve. According to Wikipedia RoadRunner is designed for 1.7 petaflops in peak. Assuming for the sake of simplicity, that decryption can be performed within a single flop: (2^256) / (1.7 * 10^15) / 2 ~= 3.5 * 10^61 In years: 3.5 * 10^61 / 3600 / 24 / 356 ~= 10^54 Correct me if I'm wrong, but it seems impossible to me, to reduce this get the required amount somewhere near to the life time of a human being ;) Even with your ultra-liberal assumptions, it still comes out to: 1 times longer than the entire universe is believed to have existed thus far (14 billion years). That is an unbelievable stupendously long period of time. Yeah, I'd agree that brute force is utterly unfeasible as a vector of attack. Not even the almighty NSA could ever pull that one off as there simply aren't enough atoms in the universe to make a supercomputer big enough. Numbers don't lie. -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] My last words on cryptology and cryptography.
I submit that brute forcing an AES key of reasonably length is currently impossible in an amount of time that would matter to the human race. On average yes. As already pointed out, however, there is nothing to prevent the first guess from matching a key and cracking one particular example of the cipher in 0.0001 seconds. Therefore, brute forcing an AES key of any length is quite possible, even if it is unlikely. q.e.d. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] My last words on cryptology and cryptography.
Steven Lembark wrote: I submit that brute forcing an AES key of reasonably length is currently impossible in an amount of time that would matter to the human race. On average yes. As already pointed out, however, there is nothing to prevent the first guess from matching a key and cracking one particular example of the cipher in 0.0001 seconds. Therefore, brute forcing an AES key of any length is quite possible, even if it is unlikely. q.e.d. This is not interesting data nor particularly relevant. That said, the chances of your key is not randomly guessed are far far better than average. Getting lucky is not the same as being able to evaluate a significant portion of the key space in a short period of time. kashani -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] My last words on cryptology and cryptography.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Sebastian Wiesner wrote: | Jason Rivard [EMAIL PROTECTED] at Wednesday 25 June 2008, 23:53:23 [snip] | A OTP cannot be broken using brute force, so the term perfectly secure | fits here, imho, at least a bit ;) A OTP cipher would be *theoretically* impossible to crack, even given infinite computing power. I use the word theoretically here because this perfect security of OTP depends on a purely theoretical perfect setting. http://en.wikipedia.org/wiki/One-time_pad | Does that difference really matter for ciphers like AES or at least for | brute-force attacks on random 256-bit keys? The key word here is random. Nothing generated by your computer can generate pure entropy, only a good representation of it. Now if you have a computer network at your disposal, and can get the computers working in parallel or in a distributed manner, you will notice that tasks are completed much faster than with one computer working on that task. A network of supercomputers would be able to, in a sense, either work on breaking a single key at a time (assuming CBC with keys = blocks), then you could decrypt the message one block at a time. I did not say it would be very fast, just faster than many people would like to assume. [snip] | Still, there is a difference between the algorithm as such and a | cryptosystem applying this algorithm. | | Btw, apart from general stuff like weak passphrases, that apply to most | cryptosystems, really bad leaks often came from weak algorithms. Consider | WEP. An algorithm is just a recipe - a set of steps to achieve a task. The implementation is the *only* thing that counts. A weak implementation of AES256 would lead to a weak cryptosystem. While a strong implementation would, theoretically, lead to a strong cryptosystem. I will state my view as a programmer. An algorithm is next to useless without a working application that uses it. As an aside, let us say you use a USB thumb drive or the like to store a master key, from which cryptographically random quality keys are derived. There would be two weak points in that system. You, and the thumb drive. If any entity can get you, your computer and your thumb drive, your data could be decrypted without the need for a supercomputer. [snip] | Anyway, you may believe, what you want to believe, I'm just reflecting, | what | real experts like Bruce Schneier have been telling for years: It's | wrong to trust into simple ciphers, but it's equally wrong, to believe, | that anything can be broken. | It is equally wrong to believe that any cipher is immune to attack | | I don't and I did not say so, things like the Debian disaster bring you back | to reality from dreams ... With desktop computing power and speed growing at the rate that it currently is, does it stretch the imagination so much that supercomputer power and speed is also growing at a similar rate. Even if an AES256 key cannot be broken in a million years by one supercomputer (*I* would like to see a citation for that), there will soon be a time when it will be able to be cracked in a much shorter time - with one supercomputer. Regards, Chris -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJIYv1LAAoJEIAhA8M9p9DAK44P/2ikcuihfTj6OgArcNvJUHNK m1qwKpk8dRkkeeLQsNZJzZtd00Gv03dkV0pD3sEfzVlKl9TIaoMheJ4D+XqHuorA ojFfWjcV7eFs5C5rMpvyb96fQ+m98bfRuGNlwnb3Jwy82ehGsxdM3VuVQEgojsyi TmFIuoS9moZrecLn+Smap5SxSvFmSdHpZ/sy0vbN78+58vvP/Fuq+uoqdz5fZcJH HwPu+8euaabBOiiPBXInRYYCfSdDqS/X9VuUzetRIhU15B+yijBesDmeo9BjB3oi ING3XFtbXiQ94/Kjzfz3Bx5MGotm2npM4H8TIr1SQSpB57j8+VHy+EepFWEjN3Dj hh8D3d4hpw64oBi6Gj+P0b/4QYkot1yBdQvXXeAt7oappQ0QsFXv1CDvGS8tDQ9f WWv9IXQ/1EaeQYPLVEv8kSuTxgqte4EcvpUJpIZ9Ku4Z8PGh50Bc2Y2AGlszezxk IIk7eI/Z2wJquQ7+A8QLGpiuM2+2WDfrfdh/kvX4AZS6mYm/a2V95K9oPPGTqDgp R5HwGW69hANARhdJAQg/GZFMrsi3BFGMDtj1EIVnWwXS1W3cAFZFIWJHWuBf0c06 5aQjYQNq055eUe1QvsIf0v3eyuG1QiOazb+0FaDJ1u9wrgsYQ7G1hR9uVBCxyWz7 moYaBh171qt40nMFrp8u =ond2 -END PGP SIGNATURE- -- gentoo-user@lists.gentoo.org mailing list