> My question is since CGA has 2^59 as a security guarantee, why bother
> increasing sec?

Because the evaluation of the hash itself is a very small number, and gets smaller and smaller as Moore's law progresses. Under the same proportionality rule, if the user spends 1 microsecond verifying the hash, the attacker will need to spend 18,000 years. That seems a lot, until you realize that if a botnet has access to 1 million computers, we are down to less than 7 days. And if these computers in turn have GPUs with 1000 cores each, we are down to 16 minutes. The SEC process ensures that the user spends enough time to make the attack impractical.

From: Sujing Zhou [mailto:[email protected]]
Sent: Sunday, March 24, 2013 10:54 PM
To: Christian Huitema
Cc: [email protected]; 'Jeffrey Hutzelman'; 'Erik Nordmark'; [email protected]; 'Santosh Chokhani'; 'Ray Hunter'
Subject: Re: RE: RE: [saag] security consideration of CGA and SSAS - I-D action : draft-rafiee-6man-ssas

Christian Huitema <[email protected]> wrote on 2013-03-25 12:33:40:

> > What is the point of adding sec since the ratio of effort required
> > by attacker and user is always 2^59, as Jari argued.
>
> 2^59 is a rather large number. Everything else being equal, another
> 1 second of computation at the user translates into another 18
> billion years at the attacker.

Agree. How about 2^56?
My question is since CGA has 2^59 as a security guarantee, why bother increasing sec?

>
> -- Christian Huitema
>
>

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
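
Where the 2^59 figure and the cost of Sec discussed in this thread come from, following the generation and verification steps of RFC 3972 (an added example, not part of the original messages): the 64-bit interface identifier carries 59 hash bits, and each Sec increment requires 16 more zero bits in Hash2. Placeholder bytes stand in for the DER-encoded public key, extension fields are omitted, and the function names are illustrative.

```python
import hashlib

# Constructed inputs: placeholder bytes stand in for the DER-encoded public key.
PUBKEY = b"constructed-demo-public-key"
PREFIX = bytes.fromhex("20010db800000000")  # 2001:db8::/64 documentation prefix

def hash2_ok(modifier: int, pubkey: bytes, sec: int) -> bool:
    """True if the leftmost 16*sec bits of Hash2 are zero (RFC 3972)."""
    digest = hashlib.sha1(modifier.to_bytes(16, "big") + bytes(9) + pubkey).digest()
    return int.from_bytes(digest[:14], "big") >> (112 - 16 * sec) == 0

def interface_id(modifier: int, prefix: bytes, coll: int, pubkey: bytes, sec: int) -> bytes:
    """Hash1 -> 64-bit interface ID: Sec in the top 3 bits, u/g bits cleared."""
    data = modifier.to_bytes(16, "big") + prefix + bytes([coll]) + pubkey
    h1 = hashlib.sha1(data).digest()[:8]
    return bytes([(h1[0] & 0x1C) | (sec << 5)]) + h1[1:]

def generate(prefix: bytes, pubkey: bytes, sec: int, start: int = 0):
    """Owner's one-time search for a modifier; expected cost 2^(16*sec) hashes."""
    modifier, tries = start, 1
    while not hash2_ok(modifier, pubkey, sec):
        modifier, tries = (modifier + 1) % 2**128, tries + 1
    return modifier, interface_id(modifier, prefix, 0, pubkey, sec), tries

def verify(iid: bytes, modifier: int, prefix: bytes, coll: int, pubkey: bytes) -> bool:
    """Verifier's cost is two SHA-1 calls regardless of sec."""
    if coll not in (0, 1, 2):
        return False
    sec = iid[0] >> 5  # Sec is read from the address itself
    expected = interface_id(modifier, prefix, coll, pubkey, sec)
    mask = 0x1CFFFFFFFFFFFFFF  # the 59 compared bits; Sec and u/g are ignored
    if (int.from_bytes(iid, "big") ^ int.from_bytes(expected, "big")) & mask:
        return False
    return hash2_ok(modifier, pubkey, sec)

if __name__ == "__main__":
    for sec in (0, 1):
        modifier, iid, tries = generate(PREFIX, PUBKEY, sec)
        print(f"sec={sec} tries={tries} iid={iid.hex()} "
              f"valid={verify(iid, modifier, PREFIX, 0, PUBKEY)}")
```

The `tries` count for Sec=1 is on the order of 2^16, while `verify` stays at two hash evaluations; anyone searching for a matching address under a different key has to repeat that modifier search for every candidate.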
