
BLU Discuss list archive


[Discuss] KeePassX

On 08/14/2013 09:38 AM, Edward Ned Harvey (blu) wrote:
>> From: at [mailto:discuss-
>> at] On Behalf Of Kent Borg
>> Bruteforcing
>> 128-bits is impossible.  Bruteforcing 256-bits is 128-bits times as
>> impossible.
> Careful here.  Someday, there might exist a perfect block cipher, but at present, all known block ciphers (including AES) suffer from the even-vs-odd permutation problem, which means, that a cipher with 128 bit key is only as strong as an ideal cipher with 64 bits.  If you want 128 bit strength (BigO 2^128 operations to brute force attack), you have to use the 256 bit key.

But you don't mean AES-128 can be broken today with 2^64 operations, do 
you?  That sounds wrong--or theoretical.

According to the current Wikipedia: "The first key-recovery attacks on 
full AES [...] requires 2^126.1 operations to recover an AES-128 key."  
(It seems like this is the kind of Wikipedia article that tends to be 
accurate.)  Then they move on to side-channel attacks...

Likely the NSA has a better attack.  Maybe they have a *way* better 
attack and they can shave off another couple dozen bits.  Still, a 
100-bits plus of brute force is not something they can do on the cheap.  
They have to want it.  It has to be a priority.  And they can't get it 
tomorrow.  Or next week.  And I bet not a long time after that.


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
