Allen wrote:
Add Moore's Law, a bigger budget and a more efficient machine, how long
before AES-128 can be decoded in less than a day?
It does make one ponder.
Wander over to http://keylength.com/ and poke at their
models. They have 6 or so to choose from, and they have it
coded up in th
Jack Lloyd <[EMAIL PROTECTED]> wrote:
> Making a cipher that uses an N bit key but is only secure to 2^M
> operations with M well as being inefficient (why generate/transmit/store 512 bit keys
> when it only provides the security of a ~300 bit (or whatever) key
> used with a perfect algorithm
On Wed, 23 Apr 2008, Alexander Klimov wrote:
| Date: Wed, 23 Apr 2008 12:53:56 +0300 (IDT)
| From: Alexander Klimov <[EMAIL PROTECTED]>
| To: Cryptography
| Subject: no possible brute force Was: Cruising the stacks and finding stuff
|
| On Tue, 22 Apr 2008, Leichter, Jerry
On Wed, Apr 23, 2008 at 08:20:27AM -0400, Perry E. Metzger wrote:
> There are a variety of issues. Smart cards have limited capacity. Many
> key agreement protocols yield only limited amounts of key
> material. I'll leave it to others to describe why a rational engineer
> might use fewer key bits,
Allen <[EMAIL PROTECTED]> writes:
> I find it odd that the responses all seem to focus on pure brute force
> when I did mention three other factors that might be in play: a defect
> in the algorithm much like the attack on MD5 which reduces it to an
> effective length of about 80 bits, if I recall
On Tue, 22 Apr 2008, Leichter, Jerry wrote:
> Interestingly, if you add physics to the picture, you can convert
> "no practical brute force attack" into "no possible brute force
> attack given known physics". Current physical theories all place a
> granularity on space and time: There is a smalle
Hi,
I find it odd that the responses all seem to focus on pure brute
force when I did mention three other factors that might be in
play: a defect in the algorithm much like the attack on MD5 which
reduces it to an effective length of about 80 bits, if I recall
correctly, and/or a different an
Perry E. Metzger <[EMAIL PROTECTED]> wrote:
> Now, it is entirely possible that someone will come up with a much
> smarter attack against AES than brute force. I'm just speaking of how
> bad brute force is. The fact that brute force is so bad is why people
> go for better attacks, and even the
| ...How bad is brute force here for AES? Say you have a chip that can do
| ten billion test keys a second -- far beyond what we can do now. Say
| you have a machine with 10,000 of them in it. That's 10^17 years worth
| of machine time, or about 7 million times the lifetime of the universe
| so far
Victor Duchovni <[EMAIL PROTECTED]> writes:
> On Fri, Apr 18, 2008 at 08:02:28PM -0700, Allen wrote:
>
>> Granted A5/1 is known to be very weak, but how much weaker than
>> AES-128? Ten orders of magnitude? I haven't a clue ...
>
> This is usually the point where I stop reading. Of course 10 orde
On Fri, Apr 18, 2008 at 08:02:28PM -0700, Allen wrote:
> Granted A5/1 is known to be very weak, but how much weaker than
> AES-128? Ten orders of magnitude? I haven't a clue ...
This is usually the point where I stop reading. Of course 10 orders of
magnitude is ~33 bits, so unless the A5 attacks
11 matches
Mail list logo
