[cryptome] Eccentricity: How Hard to Crack a Cryptosystem

  • From: John Young <jya@xxxxxxxxxxxx>
  • To: cypherpunks@xxxxxxxxxx,cryptography@xxxxxxxxxxxxx,cryptome@xxxxxxxxxxxxx
  • Date: Mon, 02 Sep 2013 17:49:37 -0400

One of the many eccentricities of crypto is speculating on how
long and how much computing power would be needed to crack
a particular cryptosystem, its algorithm or "implementation."
A favorite of popular writing on the topic, it is likely these
claims are pure fiction fabricated to satisfy headlines and
deadlines -- and, as always, to market or rididule a competitor's
piece of shit.

No Wikipedia entry on the phrase "crypto implementation,"
the all-time favorite excuse for the shit's absolute certain failure.

Some examples among hundreds:

No. 1


[No date]

DigiCert's base standard is to use 2048-bit keys in secure SSL certificates - that is enormously stronger than anything Lenstra et al attempted, in fact, it would require factoring a 617-digit number. RSA Labs claim (see: http://www.rsa.com/rsalabs/node.asp?id=2004) that 2048-bit keys are 2^32 (2 to the power of 32) times harder to break using NFS, than 1024-bit keys. 2^32 = 4,294,967,296 or almost 4.3 billion, therefore breaking a DigiCert 2048-bit SSL certificate would take about 4.3 billion times longer (using the same standard desktop processing) than doing it for a 1024-bit key. It is therefore estimated, that standard desktop computing power would take 4,294,967,296 x 1.5 million years to break a DigiCert 2048-bit SSL certificate. Or, in other words, a little over 6.4 quadrillion years.

In putting together our video, we estimated the age of the Universe to be 13,751,783,021 years or a little over 13.75 billion years, therefore if you tried to break a DigiCert 2048-bit SSL certificate using a standard modern desktop computer, and you started at the beginning of time, you would have expended 13 billion years of processing by the time you got back to today, and you would still have to repeat that entire process 468,481 times one after the other into our far far distant future before there was a good probability of breaking the certificate. In fact the Universe itself would grow dark before you even got close.


No. 2


How secure is AES against brute force attacks?

Mohit Arora, Sr. Systems Engineer & Security Architect, Freescale Semiconductor

5/7/2012 05:29 PM EDT

Even with a supercomputer, it would take 1 billion billion years to crack the 128-bit AES key using brute force attack. This is more than the age of the universe (13.75 billion years). If one were to assume that a computing system existed that could recover a DES key in a second, it would still take that same machine approximately 149 trillion years to crack a 128-bit AES key.


No. 3


The clock is ticking for encryption

The tidy world of cryptography may be upended by the arrival of quantum computers.

By Lamont Wood

March 21, 2011 06:00 AM ET

Today's encryption algorithms can be broken. Their security derives from the wildly impractical lengths of time it can take to do so.

Let's say you're using a 128-bit AES cipher. The number of possible keys with 128 bits is 2 raised to the power of 128, or 3.4x1038, or 340 undecillion. Assuming no information on the nature of the key is available (such as the fact that the owner likes to use his or her children's birthdays), a code-breaking attempt would require testing each possible key until one was found that worked.

Assuming that enough computing power was amassed to test 1 trillion keys per second, testing all possible keys would take 10.79 quintillion years. This is about 785 million times the age of the visible universe (13.75 billion years). On the other hand, you might get lucky in the first 10 minutes.

But using quantum technology with the same throughput, exhausting the possibilities of a 128-bit AES key would take about six months. If a quantum system had to crack a 256-bit key, it would take about as much time as a conventional computer needs to crack a 128-bit key.

A quantum computer could crack a cipher that uses the RSA or EC algorithms almost immediately.


No. 4


Thanks, XKCD

Other related posts:

  • » [cryptome] Eccentricity: How Hard to Crack a Cryptosystem - John Young