[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject

Hash: SHA1

Being paid to be paranoid, I prefer to use averages instead of
absolutes.  So your numbers would then be:

56 bits -- ( 2^56 / 3.88E12 )*0.5 = 2.6 hours
64 bits -- ( 2^64 / 3.88E12)*0.5 = 27.5 days
80 bits -- ( 2^80 / 3.88E12)*0.5 = 36.5 years
128 bits -- ( 2^128 / 3.88E12)*0.5 = 1.4E18 years.

So a brute force on a 56 bit key would take, on average, 2.6 hours--
using your computational power assumption below-- with half of all
keys brute forced being found before that time and half being found
after that time and most being found around 2.6 hours.  This is
assuming a fairly random distribution of keys within a large set of
keys to be attacked.  You can meter your level of safety by changing
the minimum average percentage of keys found (50%, 25%, 75%) to your
taste (or management's taste) or by increasing the key size.


- -----Original Message-----
From:	Harvey Rook (Exchange) [SMTP:[email protected]]
Sent:	Wednesday, October 28, 1998 11:01 AM
To:	[email protected]
Subject:	Speed records, and brute force state of the art.

- From the New York Times...

WASHINGTON-The Energy Department will take delivery on Wednesday of
what the
Government says is the world's fastest computer, capable of a peak
performance of 3.88 trillion calculations, or teraflops, a second. 

Just to simplify things, let's assume that 1 flop == 1 decryption. I
that's not true, but it's very close, and it's certainly less than one
of magnitude off.

So, with this assumption how long does it take to break various key

56 bits -- 2^56 / 3.88E12 = 5.2 hours
64 bits -- 2^64 / 3.88E12 = 55 days
80 bits -- 2^80 / 3.88E12 = 9873 years
128 bits -- 2^128 / 3.88E12 = 2.8E18 years.

And now you know.

Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com>