|
|
Posted by JoeBloe on 01/05/07 02:05
On 4 Jan 2007 12:25:29 -0800, "Wayne McClaine"
<gary.griffith@gmail.com> Gave us:
>The Ghost In The Machine wrote:
>> In comp.os.linux.advocacy, Wayne McClaine
>> <gary.griffith@gmail.com>
>> wrote
>> on 3 Jan 2007 21:19:22 -0800
>> <1167887962.598432.130480@31g2000cwt.googlegroups.com>:
>> >
>> > Tim Smith wrote:
>> >>
>> >> This depends on what you mean by "broke". In particular, do you
>> >> consider a successful brute force attack a break? With its mere 40-bit
>> >> key length, and weak algorithms, CSS falls fairly quickly to a brute
>> >> force attack, in about 2^25 steps.
>> >
>> > Any encrypted cipher can be "foiled" by brute force - you're just
>> > looking for a key.
>>
>> 2^40 = 1.10 trillion. If one can look at a key every microsecond, that
>> only takes about a week and a half. That's about what it took a French
>> compute farm, if memory serves.
>>
>> 2^56 = 7.21 * 10^16. At the same key rate, that'll only take about 2.3
>> millennia. Fortunately, distributed.net has a faster key rate, since
>> the problem is inherently parallel.
>>
>> 2^1024 = 1.80 * 10^100, or 1.80 googols. Search company, meet
>> military-grade encryption-cipher. Dare I mention that the Universe is
>> at the very very most 80 billion years old or so?
>
>More reason to use AES-256 if you're performance can handle. Should
>survive brute force until the data is in our sun's black-hole.
>However, if the key is left on a post-it on the keyboard, or in a dump
>or a stack trace....
>
>> >
>> > When it is doable in a relatively short time, it's broken. Not
>> > circumvented or broken "into", no magic bullet, but might as well be -
>> > even if you can't derive the key, if you can run through all
>> > possibilities, then what's the difference? You can get the key, and
>> > systems built on this are houses-of-cards. Hence, AES, 3DES, etc.
>> >
>> > So, our boy got a PowerDVD software key to then expose the DVD title &
>> > volume keys and such. And this is impossible for other players, how?
>> > Yawn.
>>
>> How big is the key?
>
>He doesn't get into this, but seems to hint that memory helps. Doesn't
>really matter how big it is if you find it.
>
>I understand the time required to DIY and the way distributed.net got
>DES done. But a 2^25 step brute-force as stated by Tim seemed to be a
>cakewalk. If 40 bits goes in 10 days, 25 should fall in under a minute.
Why are raw satellite MPEG-2 transport streams still safe? Why has
no one cracked satellite transmission ciphers yet?
Why? 'Cause we place false keys in the stream, and a few other
things that foils many illicit decryption efforts.
VideoCipher I... been here since '82, and still unbroken.
VideoCipher II same case.
DigiCipher I and II... same case. Completely unbroken.
Unbreakable datagrams are in your future. Try not to cry.
Navigation:
[Reply to this message]
|