On 08/14/2013 09:38 AM, Edward Ned Harvey (blu) wrote:
>> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-bounces+blu=nedharvey.com at blu.org] On Behalf Of Kent Borg
>>
>> Bruteforcing 128-bits is impossible. Bruteforcing 256-bits is 128-bits times as impossible.
>
> Careful here. Someday, there might exist a perfect block cipher, but at present, all known block ciphers (including AES) suffer from the even-vs-odd permutation problem, which means, that a cipher with 128 bit key is only as strong as an ideal cipher with 64 bits. If you want 128 bit strength (BigO 2^128 operations to brute force attack), you have to use the 256 bit key.

But you don't mean AES-128 can be broken today with 2^64 operations, do you? That sounds wrong--or theoretical.

According to the current Wikipedia: "The first key-recovery attacks on full AES [...] requires 2^126.1 operations to recover an AES-128 key." (It seems like this is the kind of Wikipedia article that tends to be accurate.) Then they move on to side-channel attacks...

Likely the NSA has a better attack. Maybe they have a *way* better attack and they can shave off another couple dozen bits. Still, a 100-bits plus of brute force is not something they can do on the cheap. They have to want it. It has to be a priority. And they can't get it tomorrow. Or next week. And I bet not a long time after that.

-kb