[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Double DES calculations



[email protected] (Norman Hardy) wrote:

> >Anyone care to estimate what the cost of the RAM alone for the
> >"MITM interface" machine would be?  Let's see, for two 56 bit beys, you'd
> >need storage for 2^57 blocks of 8 bytes each, or 2^60 bytes.  At $40 per
> >Mb, or so, that would come to ... let's see ... $4 * 10^51 for memory
> >alone.  And once the list of blocks started growing as the attack
> >progressed, could the interface processor keep up with the other two, in
> >real time?  Massively parallel processors might speed both ends of the
> >attack, but the "database comparison phase" would be the real bottleneck,
> >IMHO.
> ...
> DAT tape, not RAM, I think. At $5 per GB I get $5*10^11 to hold the info.
> MITM requires a sort of this which requires roughly log(10^20) passes with
> a favorable constant. This will wear out a bunch of DAT drives but that is
> relatively minor. This is about an order of magnitude bigger than a
> project that I considered once to find the optimal solution to the Rubics
> cube.

"Only" $500 Billion, huh (for tapes and drives alone)?  Let's see how the
logistics work out on that.  If each tape drive measured 2"X4"X6", and if
they were mounted in racks, back-to-back, five feet high, with three feet
wide aisleways between them, they would require 3.2 million square feet of
floor space.  (How big is the entire Pentagon, BTW?)  Assuming each of the
300 million tape drives consumed 25 watts of power, the total power
consumption would be 7500 megawatts!  At $0.10 per kwh., it would cost $1
million/hour in power costs alone, assuming a 33% overhead for removing all
they heat they generated.

Assuming it took an average of five seconds to load a tape into a drive,
loading 300 million tapes would take 16,680 man hours, or roughly 10
man-years assuming a normal 40 hr./week work schedule.  A set of replacement
tapes alone would cost $3 Billion.

It has been estimated that breaking single-DES would take 1.35 hours on a
hypothetical "super-DES-breaker" machine, searching half the total keyspace,
with a 50% probability of finding the key in that time.  You yield the same
probability on double-DES would require searching 71% of the keyspace, which
would take roughly two hours, using TWO such machines.  During that two
hours, each of the 300 million tapes would be filled with data, but no
actual MITM comparisons would have occurred yet.  Thus far, we've spent $2
million on electricity alone.

Now let's assume that each block of data generated was at least pre-sorted
onto one of the 150 million available drives during the initial phase,
according to its MSBs, or whatever.  Now it remains to check for matches for
the data on each of the 150 million drives on the ENcryption side with the
corresponding drive on the DEcryption side.  Let's further assume 150
million processors each assigned to handle a pair of drives, one on each
side.  Assume that a complete pass through the tape would require the same
two hours as it took to write the data there in the first place, with
buffered I/O so that at least half of the drives are running at full speed,
and ignoring any rewind time between passes.

Assuming a fast enough processor, the number of passes required would vary
according to the ratio of the total data on each tape, divided by the total
RAM, with the available RAM available for searching equalling four times the
search block size to allow double buffering on both sides.  With that in
mind, the number of passes required would equal to ( 4 * 4 Gb / RAM ).  If
64 Mb of RAM is available per processor, then a total of 256 passes would be
required, for a total search time of 512 hours.  The sum total of all the
RAM on all 150 million processors would be 2 * 10^16 bytes.  At $40/Mb, the
RAM alone would cost $800 Billion, bringing the total cost of this machine
to $1.3 TRILLION!  The time required to crack a double-DES key is over 200
times that of a single-DES key, at a cost in excess of half a BILLION
dollars per 112 bit key.

While that *MIGHT* be technologically feasible, it probably wouldn't be
politically feasible.  That is probably more than the sum total of all US
defense spending in out 120 year history, and probably more than "Star Wars"
was projected to cost.  That'd be a bit hard to hide in a "black" budget.

Of course, there are various ways of trading dollars for time in designing
such a system.  Speed is virtually proportional to cost.

Nevertheless ... if you've got the time to do TRIPLE-DES, it's probably
still wise, "Justin Case"...

 /--------------+------------------------------------\
 |              |  Internet: [email protected]   |
 | Dave Sparks  |  Fidonet:  Dave Sparks @ 1:207/212 |
 |              |  BBS:      (909) 353-9821 - 14.4K  |
 \--------------+------------------------------------/-/