
BLU Discuss list archive



Encryption and risk



On Tue, Oct 6, 2009 at 10:09 AM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> False on two counts. One, the Universe doesn't have enough time and/or
> energy to run an exhaustive brute force attack on a single 128-bit
> keyspace (Von Neumann-Landauer Limit).

Correct, as far as it goes. Moore's Law doesn't help against the VNLL, so a
theoretically 'finite' unicity distance doesn't give a practical
attack, no matter how redundant the plaintext.

However, non-brute-force attacks -- including key reuse, meet-in-the-middle,
miss-in-the-middle, chosen plaintext, etc. -- can still work in the
finite practical world, and it must be assumed that Moore's Law and
theoretical analytic advances will eventually unravel modern algorithms.

'Meet in the middle' attacks are a large part of why 3DES with a 3*56-bit
key isn't safer than AES128, and why DES EDE with a 2*56-bit key
was considered better than plain 3DES with a 3*56-bit key.

And if anyone recorded the RSA PKI exchange of the symmetric secret
key, Moore's Law and advances in number theory will eventually factor the
modulus, exposing the impossible-to-brute-force key.

And, likely sooner, the datacenter will dispose of the hard drive with
the private keys, quite possibly relying on the contractor to
erase/destroy it, if the keys are not held in a tamperproof device (which may
irretrievably lose them on failure).

> Two, a one-time pad is effectively unbreakable. You could brute force
> a short message but you would get multiple different messages without
> knowing which is the correct one. Thus, while an OTP can be cracked
> (deciphered by someone other than the intended recipient) the cracker

I would prefer to say that the OTP is *theoretically* uncrackable due
to infinite unicity distance, but *has* repeatedly been cracked *in
practice* due to the difficulty of actual implementation (truly random
pad, truly one-time, incorruptible key distribution). [VENONA, GEE]


-- 
Bill
n1vux-WYrOkVUspZo at public.gmane.org bill.n1vux-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
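The meet-in-the-middle attack Bill refers to above, worked through as an added example (this code is not from the thread or from BLU). It uses an invented 16-bit block / 16-bit key toy cipher, chosen only so the whole attack runs in a couple of seconds in Python; the cipher has no cryptographic merit, but the attack is the generic one: against double encryption E_k2(E_k1(p)) it costs about 2 * 2^k cipher calls plus 2^k memory instead of the 2^(2k) a naive brute force would need. The same counting is what reduces 3-key 3DES from a nominal 168 bits to roughly 112 bits of security. Key values, plaintexts and the cipher design are all assumptions made for the example.

```python
"""Meet-in-the-middle (MITM) against double encryption with a toy cipher.

Added example, not code from the BLU thread. The toy cipher is invented
for this demonstration (16-bit block, 16-bit key, 4 rounds) and is NOT
secure; it only needs to be an invertible keyed permutation so that the
generic MITM attack can be run end to end.
"""
from collections import defaultdict

MASK = 0xFFFF
MUL = 0x9E37                       # odd => multiplication mod 2^16 is invertible
MUL_INV = pow(MUL, -1, 1 << 16)    # modular inverse of MUL mod 2^16
ROUNDS = 4


def _rotl16(x, n):
    return ((x << n) | (x >> (16 - n))) & MASK


def toy_encrypt(key, block):
    """Invented 16-bit block cipher: add round key, multiply, xorshift."""
    for r in range(ROUNDS):
        block = (block + _rotl16(key, r)) & MASK   # round key = key rotated by r
        block = (block * MUL) & MASK               # invertible multiply
        block ^= block >> 5                        # xorshift diffusion
    return block


def toy_decrypt(key, block):
    """Exact inverse of toy_encrypt, round by round in reverse order."""
    for r in reversed(range(ROUNDS)):
        # inverse of y = x ^ (x >> 5) on 16 bits: x = y ^ y>>5 ^ y>>10 ^ y>>15
        block ^= (block >> 5) ^ (block >> 10) ^ (block >> 15)
        block = (block * MUL_INV) & MASK
        block = (block - _rotl16(key, r)) & MASK
    return block


def double_encrypt(k1, k2, block):
    """The construction under attack: encrypt twice with independent keys."""
    return toy_encrypt(k2, toy_encrypt(k1, block))


def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known (plaintext, ciphertext) pairs.

    Returns (candidates, cipher_calls): key pairs consistent with every
    supplied pair, and the number of single-cipher calls spent in the
    matching phase (2 * 2^16, not 2^32). Supply at least three pairs so
    the ~2^16 false matches from the first pair are filtered out.
    """
    p0, c0 = pairs[0]
    # Forward table: E_k1(p0) -> [k1]; 2^16 encryptions, 2^16 entries.
    forward = defaultdict(list)
    for k1 in range(1 << 16):
        forward[toy_encrypt(k1, p0)].append(k1)
    # Backward sweep: D_k2(c0) for every k2; a table hit means the two
    # halves "meet in the middle" on this pair.
    hits = []
    for k2 in range(1 << 16):
        mid = toy_decrypt(k2, c0)
        if mid in forward:
            hits.extend((k1, k2) for k1 in forward[mid])
    cipher_calls = 2 * (1 << 16)
    # One 16-bit pair leaves about 2^32 / 2^16 = 2^16 false candidates;
    # the remaining known pairs eliminate them.
    candidates = [(k1, k2) for k1, k2 in hits
                  if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:])]
    return sorted(candidates), cipher_calls


def demo(k1=0x3A7F, k2=0xC2E1, plaintexts=(0x1234, 0xBEEF, 0x0042)):
    """Constructed scenario: attacker knows three plaintext/ciphertext pairs."""
    pairs = [(p, double_encrypt(k1, k2, p)) for p in plaintexts]
    return meet_in_the_middle(pairs)


if __name__ == "__main__":
    cands, calls = demo()
    print(f"{len(cands)} candidate key pair(s) after {calls} cipher calls "
          f"(naive brute force of both keys: {1 << 32} calls)")
    for k1, k2 in cands:
        print(f"  k1=0x{k1:04X} k2=0x{k2:04X}")
```

The point to take from the numbers the script prints: doubling the key length with the same cipher bought one extra bit of work (2^17 instead of 2^16), not 2^32, at the cost of 2^16 table entries. Scaling the same argument to DES gives the familiar 2^57-ish work for double DES and about 2^112 for three-key triple DES.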
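Bill's point that the OTP fails in practice when the "truly one-time" requirement is violated, shown as an added example (not from the thread or from BLU): two messages encrypted under the same pad, and the "crib dragging" step that VENONA-style analysis relies on. The two dispatches, the crib words and the seeded pad are all constructed for the example; a real pad must come from a true random source such as os.urandom and must never be used twice.

```python
"""Two-time pad: what breaks when an OTP pad is reused.

Added example, not code from the BLU thread. If c1 = p1 XOR pad and
c2 = p2 XOR pad, then c1 XOR c2 = p1 XOR p2 and the pad has cancelled out.
Guessing a word likely to appear in one message (a "crib") and XORing it
in at every offset brings the other message's text into view wherever the
guess is right.
"""
import random
import string


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad, plaintext):
    """Correct OTP use: the pad covers the whole message and is used once."""
    assert len(pad) >= len(plaintext), "pad too short"
    return xor_bytes(plaintext, pad)


def crib_drag(c1, c2, crib, alphabet=(string.ascii_lowercase + " ").encode()):
    """Slide `crib` across c1 XOR c2 and return (offset, text) for every
    position where the result looks like plaintext.

    The plausibility filter (only lowercase letters and spaces) is
    deliberately crude; it produces false hits that an analyst vets by
    hand, which is exactly how the real attack proceeds.
    """
    diff = xor_bytes(c1, c2)            # == p1 XOR p2; the pad is gone
    hits = []
    for off in range(len(diff) - len(crib) + 1):
        guess = xor_bytes(diff[off:off + len(crib)], crib)
        if all(b in alphabet for b in guess):
            hits.append((off, guess.decode()))
    return hits


# Constructed sample: two equal-length dispatches and ONE pad used for both.
# A seeded generator is used only so the example is reproducible; this is
# not how a real pad should be produced.
P1 = b"attack at dawn on the east ridge"
P2 = b"retreat to the river before dusk"
_rng = random.Random(2009)
PAD = bytes(_rng.getrandbits(8) for _ in range(len(P1)))
C1 = otp_encrypt(PAD, P1)
C2 = otp_encrypt(PAD, P2)           # the mistake: same pad, second message


def recovered_with(crib):
    """Crib-drag the constructed ciphertext pair with one guessed word."""
    return crib_drag(C1, C2, crib)


if __name__ == "__main__":
    print("pad cancelled out:", xor_bytes(C1, C2) == xor_bytes(P1, P2))
    for crib in (b"attack", b" the "):
        print(crib, "->", recovered_with(crib))
```

With the crib "attack" the first six letters of the other dispatch ("retrea") fall out at offset 0, and " the " exposes fragments of both messages at the offsets where it occurs; each recovered fragment then serves as a longer crib, which is how the remainder of both texts is pulled out. None of this touches the pad itself: reuse, not weak randomness, is the failure.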






