-----BEGIN PGP SIGNED MESSAGE-----
Sebastian Wiesner wrote:
| "Jason Rivard" <firstname.lastname@example.org> at Wednesday 25 June 2008, 23:53:23
| A OTP cannot be broken using brute force, so the term "perfectly secure"
| fits here, imho, at least a bit
A OTP cipher would be *theoretically* impossible to crack, even given infinite
computing power. I use the word "theoretically" here because this "perfect
security" of OTP depends on a purely theoretical perfect setting.
| Does that difference really matter for ciphers like AES or at least for
| brute-force attacks on random 256-bit keys?
The key word here is "random". Nothing generated by your computer can generate
pure entropy, only a good representation of it. Now if you have a computer
network at your disposal, and can get the computers working in parallel or in a
distributed manner, you will notice that tasks are completed much faster than
with one computer working on that task. A network of supercomputers would be
able to, in a sense, either work on breaking a single key at a time (assuming
CBC with keys >= blocks), then you could decrypt the message one block at a
time. I did not say it would be very fast, just faster than many people would
like to assume.
| Still, there is a difference between the algorithm as such and a
| cryptosystem applying this algorithm.
| Btw, apart from general stuff like weak passphrases, that apply to most
| cryptosystems, really bad leaks often came from weak algorithms. Consider
An algorithm is just a "recipe" - a set of steps to achieve a task. The
implementation is the *only* thing that counts. A weak implementation of
AES256 would lead to a weak cryptosystem. While a strong implementation would,
theoretically, lead to a strong cryptosystem. I will state my view as a
programmer. An algorithm is next to useless without a working application that
As an aside, let us say you use a USB thumb drive or the like to store a master
key, from which cryptographically random quality keys are derived. There would
be two weak points in that system. You, and the thumb drive. If any entity
can get you, your computer and your thumb drive, your data could be decrypted
without the need for a supercomputer.
|>> Anyway, you may believe, what you want to believe, I'm just reflecting,
|>> real experts like Bruce Schneier have been telling for years: It's
|>> wrong to trust into simple ciphers, but it's equally wrong, to believe,
|>> that anything can be broken.
|> It is equally wrong to believe that any cipher is immune to attack
| I don't and I did not say so, things like the Debian disaster bring you back
| to reality from dreams ...
With desktop computing power and speed growing at the rate that it currently
is, does it stretch the imagination so much that supercomputer power and speed
is also growing at a similar rate. Even if an AES256 key cannot be broken "in
a million years" by one supercomputer (*I* would like to see a citation for
that), there will soon be a time when it will be able to be cracked in a much
shorter time - with one supercomputer.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
email@example.com mailing list