# No Subject

```-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Being paid to be paranoid, I prefer to use averages instead of
absolutes.  So your numbers would then be:

56 bits -- ( 2^56 / 3.88E12 )*0.5 = 2.6 hours
64 bits -- ( 2^64 / 3.88E12)*0.5 = 27.5 days
80 bits -- ( 2^80 / 3.88E12)*0.5 = 36.5 years
128 bits -- ( 2^128 / 3.88E12)*0.5 = 1.4E18 years.

So a brute force on a 56 bit key would take, on average, 2.6 hours--
using your computational power assumption below-- with half of all
keys brute forced being found before that time and half being found
after that time and most being found around 2.6 hours.  This is
assuming a fairly random distribution of keys within a large set of
keys to be attacked.  You can meter your level of safety by changing
the minimum average percentage of keys found (50%, 25%, 75%) to your
taste (or management's taste) or by increasing the key size.

me.

- -----Original Message-----
From:	Harvey Rook (Exchange) [SMTP:[email protected]]
Sent:	Wednesday, October 28, 1998 11:01 AM
To:	[email protected]
Subject:	Speed records, and brute force state of the art.

- From the New York Times...

WASHINGTON-The Energy Department will take delivery on Wednesday of
what the
Government says is the world's fastest computer, capable of a peak
performance of 3.88 trillion calculations, or teraflops, a second.

Just to simplify things, let's assume that 1 flop == 1 decryption. I
know
that's not true, but it's very close, and it's certainly less than one
order
of magnitude off.

So, with this assumption how long does it take to break various key
sizes?

56 bits -- 2^56 / 3.88E12 = 5.2 hours
64 bits -- 2^64 / 3.88E12 = 55 days
80 bits -- 2^80 / 3.88E12 = 9873 years
128 bits -- 2^128 / 3.88E12 = 2.8E18 years.

And now you know.

Harv.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com>

iQA/AwUBNjcVv3UkEFXvH2ZAEQJRJQCeOPXRZpMwlFKHjUWktgBMRSL626sAnR/m
TJAfMTXEdf5pYW+rLiACRlWD
=WYHJ
-----END PGP SIGNATURE-----

```