>Unfortunately, the government imagines that people are using their home com=
>puters to compute hashes and try and decrypt stuff.  Look at what is happen=
>ing with GPUs these days.  People are hooking up 4 GPUs in their computers =
>and getting huge performance gains.  5-6 char password space covered in a f=
>ew days.  12 or so chars would take one machine a couple of years if I reca=
>ll.  So, if we had 20 people with that class of machine, we'd be down to a =
>few months.   I'm just suggesting that while the compute space is still hug=
>e, it's not actually undoable, it just requires some thought into how to ap=
>proach the problem, and then some time to do the computations.
>Huge space, but still finite=85

Dan Brown seems to think so in "Digital Fortress" but it just means he 
has no grasp on "big numbers".

2^128 is a huge space, finite *but* beyond brute force *forever*.

Cconsidering that we have nearly 10billion people and if you give them
all of them 1 billion computers all being able to compute 1 billion checks 
per second, how many years does it take before we get the solution?

Did  you realize that that number is *twice* the number of the years 
needed for a *single* computer with the same specification  to solve this
problem for 64 bits?

There are two reasons for finding a new hash alrgorithm:
        - a faster one on current hardware
        - a better one with a larger output

But bruteforce is not what we are defending against: we're trying to 
defend against bugs in the hash algorithm.  In the case of md5 and the 
related hash algorithm, a new attack method was discovered and it made 
many hash algorithms obsolete/broken.

When a algorithm is broken, the "work factor" needed for a successful 
attack depends in part of the hash, e.g., you may left with 64 bits
of effective has and that would be brute forcible.



zfs-discuss mailing list

Reply via email to