On Thursday 26 June 2008, Chris Walters wrote: > Sebastian Wiesner wrote:
> | I don't and I did not say so, things like the Debian disaster bring > | you back to reality from dreams ... This is the favoured method of cracking encryption - misuse by the user. The canonical example is of course Enigma and the stupid mistake that let the Allies crack it. This is entirely analogous to the Debian fiasco. > With desktop computing power and speed growing at the rate that it > currently is, does it stretch the imagination so much that > supercomputer power and speed is also growing at a similar rate. > Even if an AES256 key cannot be broken "in a million years" by one > supercomputer (*I* would like to see a citation for that), there will > soon be a time when it will be able to be cracked in a much shorter > time - with one supercomputer. No-one has ever seriously said that it will take X time to crack a key. The possibility exists that the first key randomly selected in a brute force attack will match which gives you a time to crack in the millisecond range. The calculation is quite simple - measure how quickly a specific computer can match keys. Divide this into the size of the keyspace. The average time to brute force a key is half that value. AFAIK this still averages out at enormous numbers of years, even at insane calculation rates like what RoadRunner can achieve. All this presupposes that the algorithm in question has no known cryptographic weaknesses so brute force is the only feasible method of attack currently. -- Alan McKinnon alan dot mckinnon at gmail dot com -- [email protected] mailing list
