RE: Security Use Requirements

At 16:48 07/02/01, Joshua Tseng wrote:
>While we're on the topic of security, my source (Schnieder)
>indicates that in 1995, it takes 3.5 hrs average to brute-force
>single DES. They also estimated that by 2000, the CPU power
>available would reduce that time to an average of 21 minutes.
>On the other hand, with 128-bit keys (and 3DES has 168-bit keys)
>would still require on the 10**17 years.

I'm assuming you meant Schneier.

It isn't just time; it is both time and capital cost. You omitted the cost portion of the graph (Schneier, 2nd Edition, page 153, table 7.1). For 3.5 hours in 1995, the hardware cost was $1E9. Most folks don't have ready access to hardware with that capital cost. The book estimates (same page, just above the table) that to get to the 3.5 hour mark in 2000, the hardware cost would be around $1E6.

There is probably some real data on what the EFF DES box cost and its brute-force rate, but this entire paragraph is mostly sidebar to the main point that some kind of security is needed.

>This attack doesn't need to happen real-time. All I need is
>a sniffer, and I could do all the attacks offline. Once I have
>the key(s), all your data is mine.

How often does the key change? How many keys do you have to break brute-force to get the interesting data? How much data can you steal with a given key?

Good key management practices are an important part of security.

>Regardless, your point is well taken. Some encryption is better
>than nothing--in MOST cases.

Thanks.

Cheers,

Ran