|
|
Posted by The Ghost In The Machine on 01/04/07 22:07
In comp.os.linux.advocacy, Wayne McClaine
<gary.griffith@gmail.com>
wrote
on 4 Jan 2007 12:25:29 -0800
<1167942328.937332.194870@q40g2000cwq.googlegroups.com>:
> The Ghost In The Machine wrote:
>> In comp.os.linux.advocacy, Wayne McClaine
>> <gary.griffith@gmail.com>
>> wrote
>> on 3 Jan 2007 21:19:22 -0800
>> <1167887962.598432.130480@31g2000cwt.googlegroups.com>:
>> >
>> > Tim Smith wrote:
>> >>
>> >> This depends on what you mean by "broke". In particular, do you
>> >> consider a successful brute force attack a break? With its mere 40-bit
>> >> key length, and weak algorithms, CSS falls fairly quickly to a brute
>> >> force attack, in about 2^25 steps.
>> >
>> > Any encrypted cipher can be "foiled" by brute force - you're just
>> > looking for a key.
>>
>> 2^40 = 1.10 trillion. If one can look at a key every microsecond, that
>> only takes about a week and a half. That's about what it took a French
>> compute farm, if memory serves.
>>
>> 2^56 = 7.21 * 10^16. At the same key rate, that'll only take about 2.3
>> millennia. Fortunately, distributed.net has a faster key rate, since
>> the problem is inherently parallel.
>>
>> 2^1024 = 1.80 * 10^100, or 1.80 googols. Search company, meet
>> military-grade encryption-cipher. Dare I mention that the Universe is
>> at the very very most 80 billion years old or so?
>
> More reason to use AES-256 if you're performance can handle. Should
> survive brute force until the data is in our sun's black-hole.
Pedant Point: white dwarf. Cf. "Chandrasekhar limit" (it's about
1.44-1.50 M_sol to create a neutron star; I'm not sure what the
mass is for a black hole).
As for 2^256 = 1.158 * 10^77...yeah, that's pretty safe, too.
That translates into 3.669 * 10^63 years -- way more than enough,
unless the mathematically-inclined types find a short cut.
> However, if the key is left on a post-it on the keyboard, or in a dump
> or a stack trace....
Q: "Wow, what a secure fortress!"
A: "Thanks."
Q: "Hey, what's this under the doormat?"
A: "DON'T YOU DARE...aw shit. Now I gotta change the locks again. Why
do they keep stealing my house key?"
>
>> >
>> > When it is doable in a relatively short time, it's broken. Not
>> > circumvented or broken "into", no magic bullet, but might as well be -
>> > even if you can't derive the key, if you can run through all
>> > possibilities, then what's the difference? You can get the key, and
>> > systems built on this are houses-of-cards. Hence, AES, 3DES, etc.
>> >
>> > So, our boy got a PowerDVD software key to then expose the DVD title &
>> > volume keys and such. And this is impossible for other players, how?
>> > Yawn.
>>
>> How big is the key?
>
> He doesn't get into this, but seems to hint that memory helps. Doesn't
> really matter how big it is if you find it.
True.
>
> I understand the time required to DIY and the way distributed.net got
> DES done. But a 2^25 step brute-force as stated by Tim seemed to be a
> cakewalk. If 40 bits goes in 10 days, 25 should fall in under a minute.
>
~33.6 seconds, actually. Not the most secure of ciphers, nowadays. :-)
--
#191, ewill3@earthlink.net
People think that libraries are safe. They're wrong. They have ideas.
(Also occasionally ectoplasmic slime and cute librarians.)
--
Posted via a free Usenet account from http://www.teranews.com
[Back to original message]
|