>Unfortunately, the government imagines that people are using their home
>computers to compute hashes and try and decrypt stuff. Look at what is
>happening with GPUs these days. People are hooking up 4 GPUs in their
>computers and getting huge performance gains. 5-6 char password space
>covered in a few days. 12 or so chars would take one machine a couple of
>years if I recall. So, if we had 20 people with that class of machine,
>we'd be down to a few months. I'm just suggesting that while the compute
>space is still huge, it's not actually undoable, it just requires some
>thought into how to approach the problem, and then some time to do the
>computations.
>Huge space, but still finite…
Dan Brown seems to think so in "Digital Fortress" but it just means he
has no grasp on "big numbers".
2^128 is a huge space, finite *but* beyond brute force *forever*.
Considering that we have nearly 10 billion people, and if you give all of
them 1 billion computers, all able to compute 1 billion checks per second,
how many years does it take before we get the solution?
Did you realize that that number is *twice* the number of the years
needed for a *single* computer with the same specification to solve this
problem for 64 bits?
There are two reasons for finding a new hash algorithm:
- a faster one on current hardware
- a better one with a larger output
But bruteforce is not what we are defending against: we're trying to
defend against bugs in the hash algorithm. In the case of md5 and the
related hash algorithm, a new attack method was discovered and it made
many hash algorithms obsolete/broken.
When an algorithm is broken, the "work factor" needed for a successful
attack depends in part on the hash, e.g., you may be left with 64 bits
of effective hash and that would be brute forceable.
zfs-discuss mailing list
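The arithmetic behind the "planet full of computers" comparison above, carried through with the thread's own figures, as an added example that is not part of the original message. The 2**64 speed-up in the last function is an illustrative placeholder for "an attack that leaves 64 effective bits", not a specific published break.

```python
"""Added example (not from the original thread): brute-force time
estimates using the figures quoted in the mailing list reply."""

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def brute_force_years(key_bits: int, checks_per_second: float,
                      full_space: bool = True) -> float:
    """Years needed to search a space of 2**key_bits at the given rate.

    full_space=True counts the whole space, as the poster does; pass
    full_space=False for the expected cost (half the space on average).
    """
    candidates = 2 ** key_bits
    if not full_space:
        candidates //= 2
    return candidates / checks_per_second / SECONDS_PER_YEAR


def planet_scale_rate(people: float = 10e9, computers_each: float = 1e9,
                      checks_per_computer: float = 1e9) -> float:
    """Aggregate guess rate of the poster's thought experiment: 10 billion
    people, a billion machines each, a billion checks per second each."""
    return people * computers_each * checks_per_computer


def effective_bits(key_bits: int, attack_speedup_bits: int) -> int:
    """Work factor left after a break that saves 2**attack_speedup_bits
    work: what remains must still be brute forced. The speed-up value is
    illustrative (constructed), not a specific real-world attack."""
    return max(0, key_bits - attack_speedup_bits)


def compare_claim() -> dict:
    """The two scenarios the poster compares, plus their ratio."""
    planet_128 = brute_force_years(128, planet_scale_rate())
    single_64 = brute_force_years(64, 1e9)
    return {
        "planet_vs_128_bits_years": planet_128,
        "single_machine_vs_64_bits_years": single_64,
        "ratio": planet_128 / single_64,   # ~1.84, the poster's "twice"
    }


if __name__ == "__main__":
    for name, years in compare_claim().items():
        print(f"{name}: {years:,.2f}")
    # A 128-bit hash with a hypothetical 2**64 speed-up leaves 64 bits
    print("effective bits left:", effective_bits(128, 64))
```

The ratio simplifies to 2**64 / 1e19 because the extra 64 bits of keyspace and the 1e19-fold larger attack rate nearly cancel, which is the poster's point about the scale of 2**128.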