|
|
Posted by TheLetterK on 01/12/07 22:00
JoeBloe wrote:
> On 4 Jan 2007 12:25:29 -0800, "Wayne McClaine"
> <gary.griffith@gmail.com> Gave us:
>
>> The Ghost In The Machine wrote:
>>> In comp.os.linux.advocacy, Wayne McClaine
>>> <gary.griffith@gmail.com>
>>> wrote
>>> on 3 Jan 2007 21:19:22 -0800
>>> <1167887962.598432.130480@31g2000cwt.googlegroups.com>:
>>>> Tim Smith wrote:
>>>>> This depends on what you mean by "broke". In particular, do you
>>>>> consider a successful brute force attack a break? With its mere 40-bit
>>>>> key length, and weak algorithms, CSS falls fairly quickly to a brute
>>>>> force attack, in about 2^25 steps.
>>>> Any encrypted cipher can be "foiled" by brute force - you're just
>>>> looking for a key.
>>> 2^40 = 1.10 trillion. If one can look at a key every microsecond, that
>>> only takes about a week and a half. That's about what it took a French
>>> compute farm, if memory serves.
>>>
>>> 2^56 = 7.21 * 10^16. At the same key rate, that'll only take about 2.3
>>> millennia. Fortunately, distributed.net has a faster key rate, since
>>> the problem is inherently parallel.
>>>
>>> 2^1024 = 1.80 * 10^100, or 1.80 googols. Search company, meet
>>> military-grade encryption-cipher. Dare I mention that the Universe is
>>> at the very very most 80 billion years old or so?
>> More reason to use AES-256 if you're performance can handle. Should
>> survive brute force until the data is in our sun's black-hole.
>> However, if the key is left on a post-it on the keyboard, or in a dump
>> or a stack trace....
>>
>>>> When it is doable in a relatively short time, it's broken. Not
>>>> circumvented or broken "into", no magic bullet, but might as well be -
>>>> even if you can't derive the key, if you can run through all
>>>> possibilities, then what's the difference? You can get the key, and
>>>> systems built on this are houses-of-cards. Hence, AES, 3DES, etc.
>>>>
>>>> So, our boy got a PowerDVD software key to then expose the DVD title &
>>>> volume keys and such. And this is impossible for other players, how?
>>>> Yawn.
>>> How big is the key?
>> He doesn't get into this, but seems to hint that memory helps. Doesn't
>> really matter how big it is if you find it.
>>
>> I understand the time required to DIY and the way distributed.net got
>> DES done. But a 2^25 step brute-force as stated by Tim seemed to be a
>> cakewalk. If 40 bits goes in 10 days, 25 should fall in under a minute.
>
>
> Why are raw satellite MPEG-2 transport streams still safe? Why has
> no one cracked satellite transmission ciphers yet?
>
> Why? 'Cause we place false keys in the stream, and a few other
> things that foils many illicit decryption efforts.
>
> VideoCipher I... been here since '82, and still unbroken.
> VideoCipher II same case.
>
> DigiCipher I and II... same case. Completely unbroken.
>
> Unbreakable datagrams are in your future. Try not to cry.
Unbreakable simply means a method hasn't been found yet.
Navigation:
[Reply to this message]
|