LinuxSA Mailing list archives

  From: Mark Newton <newton@atdot.dotat.org>
  To  : Net Media Solutions <john@vodka.lynx.net.au>
  Date: Wed, 15 Sep 1999 12:31:06 +0930 (CST)

Re: Encryption (was Re: Linux Console Security)y

Net Media Solutions wrote:

 > > The days of the inadequacy of 256-bit keys for long-term protection
 > > of data are fast approaching.  If NIST is pushing 256-bit keys, you
 > > can bet your bottom dollar that that means the NSA is capable of
 > > cracking 256-bit crypto in a reasonably short amount of time. :-)
 > 
 > 	Bollocks. 128-bit encryption (block encryption, mind you, we're 
 > 	not talking public/private key encryption here) will take longer to 
 > 	crack than the sun will take to finish super-nova'ing, even given
 > 	significant advances in hardwaremanufacturing.

What are you smoking?  Go visit the crypto newsgroups and read them for
a while;  it's no longer a matter of debate that the US Government finds
128 bit keys well within its reach.

Anyway, by the time you get to 128-bit keys it starts to be easier to
attack the algorithm through other methods.  For example, where are you
going to find a source of randomness with 128 bits of entropy on your 
Linux box?  If you can't, it's far simpler to attack the random number
generator that builds session keys than it is to attack the algorithm 
itself.

Incidentally, what upper bound are you placing on "significant advances
in hardware manufacturing"?

 > 	56-bit ciphers such as DES have been shown to be ineffectual since the 
 > 	80s (the EFF's massively parallel DES-cracker was postulated a couple 
 > 	of years ago, but was never actually built).

Yes it was.  It was used to solve the RSA 56-bit DES Challenge II in
less than 3 days.  It was later coupled with an rc5des client which
enabled the Challenge-III to be solved in approximately six and a half
hours. 

It cost under $250,000 to design and build, the design is publically
available, and it's estimated that further copies of it can be built
for under $100,000 each.

http://www.eff.org/pub/Privacy/Crypto_misc/DESCracker/HTML/19980717_oreilly_crackingdes_pressrel.html

http://www.oreilly.com/catalog/crackdes

 > > critical length of time increases, the cost of a machine which will
 > > break the key within that time decreases, and vice-versa.  For
 > > reference purposes, the DES cracker built by EFF, "Deep Crack," can
 > > be built for under US$100,000, and can crack a 56 bit DES key in a few
 > > hours.
 > 
 > 	...And 128-bits will "only" therefore take 4700000000000000000000
 > 	 hours (give or take) :)

With present technology.  And ignoring the fact that "deep crack" is
inherently scalable, leading to reasonably trivial power-of-two increases
in its capacity by adding additional gate-array modules.  And ignoring
the fact that the NSA has doubtless had machines just like it for years,
with a virtually unlimited budget.

You might like you reassess your time estimates.

   - mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
     but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----

-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject