[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

# Internet, the cracking machine

```On Tue, 10 Oct 1995, Mike Fletcher wrote:

>
> Well, security bugs aside (and I've got the sun4.1.3_u1 and Win32 ns2b
> distributions :) has anyone given any thought to using Java to do some
> sort of Chinese Lottery attack.  I was re-reading App. Crypto. last
> night and it could be feasable.  If you could get your key cruncher
> thread loaded into a good many browsers to run when idle . . . .  How
> many estimated copies of NS are there?  Anyone want to do the math? :)

Ok, I'll bite.  Let's figure out how many MIPS years it takes to brute force
various keylengths (assuming 100 instructions per key):
56: 2e3
64: 6e5
80: 4e10
128: 1e25

Andrew M. Odlyzko in his paper "The Future of Integer Factorization"
estimates the computing power of the Internet at 3e7, and the number of
MIPS years to factor a 1024 RSA key to be 3e11.  I think both numbers are
probably off by a factor of 10 - Internet's computing power is probably
closer to 3e8 and MIPS years to factor 1024-bit key may be closer to 3e10.

So assuming that you can get the entire Internet to help you, the amount
of time it takes for various attacks is:

brute force keys of bit
56: 4 minutes
64: 1 day
80: 130 years
128: 3e16 years

factor RSA keys of bit
512: 20 minutes
768: 50 days
1024: 100 years
2048: 1e11 years

If you are reading this from an archive, divide the brute force numbers by
4**(your current year-1995), and the factoring numbers by 8**(your current
year-1995), for a factor of 2 improvement per year in each of the
following: average CPU power, number of computers on the Internet, and
factoring algorithm.

(Note that the above estimates are meant to err on the low side.  I would
be VERY surprised if anyone actually manages to accomplish any of the
above attacks in the amount of time given.)

Wei Dai

```