Old 06-26-2008, 02:22 AM
Chris Walters
 
My last words on cryptology and cryptography.

Sebastian Wiesner wrote:
| "Jason Rivard" <jase.rivard@gmail.com> at Wednesday 25 June 2008, 23:53:23
[snip]
| An OTP cannot be broken using brute force, so the term "perfectly secure"
| fits here, imho, at least a bit

An OTP cipher would be *theoretically* impossible to crack, even given infinite
computing power. I use the word "theoretically" here because this "perfect
security" of OTP depends on a purely theoretical perfect setting.

http://en.wikipedia.org/wiki/One-time_pad

| Does that difference really matter for ciphers like AES or at least for
| brute-force attacks on random 256-bit keys?

The key word here is "random". Nothing generated by your computer can generate
pure entropy, only a good representation of it. Now if you have a computer
network at your disposal, and can get the computers working in parallel or in a
distributed manner, you will notice that tasks are completed much faster than
with one computer working on that task. A network of supercomputers would be
able to, in a sense, either work on breaking a single key at a time (assuming
CBC with keys >= blocks), then you could decrypt the message one block at a
time. I did not say it would be very fast, just faster than many people would
like to assume.

[snip]

| Still, there is a difference between the algorithm as such and a
| cryptosystem applying this algorithm.
|
| Btw, apart from general stuff like weak passphrases, that apply to most
| cryptosystems, really bad leaks often came from weak algorithms. Consider
| WEP.

An algorithm is just a "recipe" - a set of steps to achieve a task. The
implementation is the *only* thing that counts. A weak implementation of
AES256 would lead to a weak cryptosystem. While a strong implementation would,
theoretically, lead to a strong cryptosystem. I will state my view as a
programmer. An algorithm is next to useless without a working application that
uses it.

As an aside, let us say you use a USB thumb drive or the like to store a master
key, from which cryptographically random quality keys are derived. There would
be two weak points in that system. You, and the thumb drive. If any entity
can get you, your computer and your thumb drive, your data could be decrypted
without the need for a supercomputer.

[snip]

|>> Anyway, you may believe, what you want to believe, I'm just reflecting,
|>> what
|>> real experts like Bruce Schneier have been telling for years: It's
|>> wrong to trust into simple ciphers, but it's equally wrong, to believe,
|>> that anything can be broken.
|> It is equally wrong to believe that any cipher is immune to attack
|
| I don't and I did not say so, things like the Debian disaster bring you back
| to reality from dreams ...

With desktop computing power and speed growing at the rate that it currently
is, does it stretch the imagination so much that supercomputer power and speed
is also growing at a similar rate? Even if an AES256 key cannot be broken "in
a million years" by one supercomputer (*I* would like to see a citation for
that), there will soon be a time when it will be able to be cracked in a much
shorter time - with one supercomputer.

Regards,
Chris
--
gentoo-user@lists.gentoo.org mailing list
 
Old 06-26-2008, 08:54 AM
Alan McKinnon
 
My last words on cryptology and cryptography.

On Thursday 26 June 2008, Chris Walters wrote:
> Sebastian Wiesner wrote:

> | I don't and I did not say so, things like the Debian disaster bring
> | you back to reality from dreams ...

This is the favoured method of cracking encryption - misuse by the user.
The canonical example is of course Enigma and the stupid mistake that
let the Allies crack it. This is entirely analogous to the Debian
fiasco.

> With desktop computing power and speed growing at the rate that it
> currently is, does it stretch the imagination so much that
> supercomputer power and speed is also growing at a similar rate?
> Even if an AES256 key cannot be broken "in a million years" by one
> supercomputer (*I* would like to see a citation for that), there will
> soon be a time when it will be able to be cracked in a much shorter
> time - with one supercomputer.

No-one has ever seriously said that it will take X time to crack a key.
The possibility exists that the first key randomly selected in a brute
force attack will match which gives you a time to crack in the
millisecond range.

The calculation is quite simple - measure how quickly a specific
computer can match keys. Divide this into the size of the keyspace. The
average time to brute force a key is half that value. AFAIK this still
averages out at enormous numbers of years, even at insane calculation
rates like what RoadRunner can achieve.

All this presupposes that the algorithm in question has no known
cryptographic weaknesses so brute force is the only feasible method of
attack currently.


--
Alan McKinnon
alan dot mckinnon at gmail dot com

 
Old 06-26-2008, 06:35 PM
kashani
 
My last words on cryptology and cryptography.

Alan McKinnon wrote:
> The calculation is quite simple - measure how quickly a specific
> computer can match keys. Divide this into the size of the keyspace. The
> average time to brute force a key is half that value. AFAIK this still
> averages out at enormous numbers of years, even at insane calculation
> rates like what RoadRunner can achieve.


256 bit keys. The
115792089237316195423570985008687907853269984665640564039457584007913129639936
keys are quite a lot to check (although, if all the atoms in the
universe [estimated 10^78] were to test 1 key/sec, it'd only take about
0.1157920892 seconds). However.. 512 bit keys with all the atoms testing
a trillion keys/second would take about
(2^512)/(10^78)/60/60/24/(36525/100)/(10^12) or 4.2486779507765473608e56
years..


I submit that brute forcing an AES key of reasonable length is
currently impossible in an amount of time that would matter to the human
race.


kashani
 
Old 06-26-2008, 08:14 PM
Sebastian Wiesner
 
My last words on cryptology and cryptography.

Alan McKinnon <alan.mckinnon@gmail.com> at Thursday 26 June 2008, 10:54:43
> The calculation is quite simple - measure how quickly a specific
> computer can match keys. Divide this into the size of the keyspace. The
> average time to brute force a key is half that value. AFAIK this still
> averages out at enormous numbers of years, even at insane calculation
> rates like what RoadRunner can achieve.

According to Wikipedia RoadRunner is designed for 1.7 petaflops in peak.
Assuming for the sake of simplicity, that decryption can be performed
within a single flop:

(2^256) / (1.7 * 10^15) / 2 ~= 3.5 * 10^61

In years:

3.5 * 10^61 / 3600 / 24 / 356 ~= 10^54

Correct me if I'm wrong, but it seems impossible to me to reduce this to get
the required amount somewhere near the lifetime of a human being

--
Freedom is always the freedom of dissenters.
(Rosa Luxemburg)
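Alan McKinnon's method (keyspace divided by the key-test rate, halved for the average case) and the figures kashani and Sebastian quote can be checked with the Python below. It is an added example, not code from anyone in the thread; it takes the thread's own assumptions as given (one key test per flop on a 1.7 petaflop RoadRunner, 10^78 atoms each testing keys, a 14-billion-year-old universe) and uses exact integer arithmetic with a 365.25-day year.

```python
# Added example: reproduces the brute-force time estimates quoted in this thread.
# All rates below are the thread's own assumptions (one key test per flop,
# one key test per atom per second); they are not measured figures.
from fractions import Fraction

SECONDS_PER_YEAR = 60 * 60 * 24 * Fraction(36525, 100)   # 365.25-day year
UNIVERSE_AGE_YEARS = 14_000_000_000                       # figure quoted by Alan
ROADRUNNER_KEYS_PER_SECOND = 1_700_000_000_000_000        # 1.7 petaflops, 1 key/flop
ATOMS_IN_UNIVERSE = 10 ** 78                              # estimate quoted by kashani


def keyspace(key_bits: int) -> int:
    """Number of distinct keys of key_bits bits (exact, arbitrary precision)."""
    return 1 << key_bits


def brute_force_seconds(key_bits: int, keys_per_second: int,
                        average: bool = True) -> Fraction:
    """Seconds to brute-force a key_bits key at keys_per_second.

    average=True returns the expected time (half the keyspace: on average the
    attacker hits the key halfway through); average=False returns the worst
    case of testing every key, which is what kashani's figures use.
    """
    exhaustive = Fraction(keyspace(key_bits), keys_per_second)
    return exhaustive / 2 if average else exhaustive


def brute_force_years(key_bits: int, keys_per_second: int,
                      average: bool = True) -> Fraction:
    """The same estimate expressed in years."""
    return brute_force_seconds(key_bits, keys_per_second, average) / SECONDS_PER_YEAR


def universe_age_multiples(years: Fraction) -> Fraction:
    """How many times the assumed age of the universe a duration in years is."""
    return years / UNIVERSE_AGE_YEARS


if __name__ == "__main__":
    # Sebastian's estimate: AES-256 on RoadRunner, one key per flop, average case.
    secs = brute_force_seconds(256, ROADRUNNER_KEYS_PER_SECOND)
    yrs = brute_force_years(256, ROADRUNNER_KEYS_PER_SECOND)
    print(f"AES-256 on RoadRunner: {float(secs):.2e} s = {float(yrs):.2e} years "
          f"({float(universe_age_multiples(yrs)):.1e} x universe age)")
    # kashani's estimates: every atom testing keys, worst case (no halving).
    print(f"256-bit, 10^78 atoms at 1 key/s: "
          f"{float(brute_force_seconds(256, ATOMS_IN_UNIVERSE, average=False)):.10f} s")
    print(f"512-bit, 10^78 atoms at 10^12 keys/s: "
          f"{float(brute_force_years(512, ATOMS_IN_UNIVERSE * 10**12, average=False)):.4e} years")
```

The AES-256 result comes out at roughly 3.4e61 seconds, or about 1e54 years, in line with Sebastian's figures, and the 512-bit worst case matches kashani's 4.2487e56 years.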
 
Old 06-26-2008, 08:39 PM
Alan McKinnon
 
My last words on cryptology and cryptography.

On Thursday 26 June 2008, Sebastian Wiesner wrote:
> Alan McKinnon <alan.mckinnon@gmail.com> at Thursday 26 June 2008,
> 10:54:43
>
> > The calculation is quite simple - measure how quickly a specific
> > computer can match keys. Divide this into the size of the keyspace.
> > The average time to brute force a key is half that value. AFAIK
> > this still averages out at enormous numbers of years, even at
> > insane calculation rates like what RoadRunner can achieve.
>
> According to Wikipedia RoadRunner is designed for 1.7 petaflops in
> peak. Assuming for the sake of simplicity, that decryption can be
> performed within a single flop:
>
> (2^256) / (1.7 * 10^15) / 2 ~= 3.5 * 10^61
>
> In years:
>
> 3.5 * 10^61 / 3600 / 24 / 356 ~= 10^54
>
> Correct me if I'm wrong, but it seems impossible to me to reduce
> this to get the required amount somewhere near the lifetime of a
> human being

Even with your ultra-liberal assumptions, it still comes out to:

1000000000000000000000000000000000000

times longer than the entire universe is believed to have existed thus
far (14 billion years). That is an unbelievably, stupendously long
period of time. Yeah, I'd agree that brute force is utterly unfeasible
as a vector of attack. Not even the almighty NSA could ever pull that
one off as there simply aren't enough atoms in the universe to make a
supercomputer big enough.

Numbers don't lie.

--
Alan McKinnon
alan dot mckinnon at gmail dot com

 
Old 06-26-2008, 09:52 PM
Steven Lembark
 
My last words on cryptology and cryptography.

> I submit that brute forcing an AES key of reasonable length is
> currently impossible in an amount of time that would matter to the human
> race.


On average yes.

As already pointed out, however, there is nothing
to prevent the first guess from matching a key and
cracking one particular example of the cipher in
0.0001 seconds.

Therefore, brute forcing an AES key of any length
is quite possible, even if it is unlikely. q.e.d.

 
Old 06-27-2008, 12:06 AM
kashani
 
My last words on cryptology and cryptography.

Steven Lembark wrote:
> > I submit that brute forcing an AES key of reasonable length is
> > currently impossible in an amount of time that would matter to the
> > human race.
>
> On average yes.
>
> As already pointed out, however, there is nothing
> to prevent the first guess from matching a key and
> cracking one particular example of the cipher in
> 0.0001 seconds.
>
> Therefore, brute forcing an AES key of any length
> is quite possible, even if it is unlikely. q.e.d.


This is not interesting data nor particularly relevant. That said, the
chances that your key is not randomly guessed are far, far better than
average. Getting lucky is not the same as being able to evaluate a
significant portion of the key space in a short period of time.


kashani
 
Old 06-27-2008, 01:04 PM
Sebastian Wiesner
 
My last words on cryptology and cryptography.

Steven Lembark <lembark@wrkhors.com> at Thursday 26 June 2008, 23:52:17
> > I submit that brute forcing an AES key of reasonable length is
> > currently impossible in an amount of time that would matter to the
> > human race.
>
> On average yes.
>
> As already pointed out, however, there is nothing
> to prevent the first guess from matching a key and
> cracking one particular example of the cipher in
> 0.0001 seconds.

A probability of something like 1 / 50000 of dying in a car accident does not
prevent one from driving a car. But a probability of 1 / (2^256) of
finding the right key right away at the first guess is easily held up
against the key security of AES ... now that's a very strange mismatch.

Apparently you consider the security of your life worth much, much less than
the security of your encrypted hard disk ...

--
Freedom is always the freedom of dissenters.
(Rosa Luxemburg)
 
