# Re: Bonehead basic crypto question

From: Benjamin Choi (contact_at_technosoft21.com)
Date: 10/18/03

```Date: 18 Oct 2003 02:45:57 -0700

```

zoomzoomzoom@xtra.co.nz (Matthue Gera) wrote in message news:<F73kb.182172\$JA5.4557778@news.xtra.co.nz>...
> Good question Ben,
> you know doubt know that computing power is multiplying
> itself on the desktop at a very fast rate. So are supercomputers that
> can be used for brute force attempts.
>
> You are right that 128bit is strong, however with the advances we have seen
> in computing power recently we need to step up and take advantage in more
> powerful technology when it arrives. 128bit encryption is old, its that
> simple. It is much easier and quicker to crack today, therefore we need to
> increase the odds even more, way above whats considered 'acceptable',
> then we can be sure what we have now will not be so easily compromised in
> the near future.
Doesn't the entire universe have only about 2^264 particles, excluding
dark matter? Even if 128-bit is breakable with quantum computers,
256-bit is long enough to remain secure indefinitely even if quantum
computers are invented.

Consider:
2^64 (cracked using latest technology) = 18446744073709551616 only
2^256 = 1.1579208923731619542357098500869e+77
No. of particles in universe = 2.9642774844752946028434172162224e+79

Even if 256-bit is broken by brute force using quantum computers
several eons from now, 448-bit symmetric key strength should remain
impossible to search forever.

2^448 = 7.26838724295606890549323807888e+134

And since longer keys are typically harder to remember, as short a key
as is secure should be used. Not short enough to be attacked in the
next few eons, but not long enough to forget.

Usually attackers won't attempt to crack encryption using brute force,
unless the key is irresistably short (e.g. 40-bit). They will attempt
to find shortcuts which require a feasible amount of computing
resources and time. People might like to say "even if an algorithm is
secure against analysis, if the key is short enough it can be broken
by brute force. This is usually the weak link." However it seems that
the key size is usually the strong link. Most algorithms today have an
adequate key size (128 or 256-bit would do, although I prefer 256-bit
being extremely paranoid). And the "even if an algorithm is secure
against analysis" is a huge if. 99.9% of all algorithms are not secure
against common and upcoming attacks such as differential, linear,
related-key, boomerang and others to be discovered. Rather than have
huge key sizes, one should choose an adequately large key (256-bit to
be conservative) and focus on eliminating shortcut attacks.

Many people here would rather use a tested algorithm like 128-bit
Twofish (perhaps with number of rounds cranked up a bit, from 16 to 32
rounds if paranoid, to make it totally difficult to attack) than a
1,000,000 bit VME encryption if their lives depended on it.

Just thinking:
If there's a tradeoff for speed vs security and your life depends on
it, why use a slow algorithm rather than Twofish with the number of
rounds cranked up?
e.g. David Scott's Scott19U is "much more secure than AES, even though
it is 1000 times slower". Why not use AES with 10x1000=10000 rounds?
Then it would run at the same speed as Scott19U, but be very secure.

```--
Benjamin Choi
```

## Relevant Pages

• MSFT Bans insecure hashes - was"Passwords with Lan Manager (LM) under Windows"
... Microsoft is recommending using the Secure Hash ... Algorithm 256 encryption algorithm and AES (Advanced Encryption ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
(Pen-Test)
• Re: Meganet on Cryptogram again
... It doesn't matter how theoretically insecure the algorithm might be. ... even a simple XOR and it would still be secure for Meganet's customers. ... The security of their algorithm would depend on psychology, ... All I see here is attacks on Meganet the company, ...
(sci.crypt)
• Re: a way psuedo random numbers can be used in cryptography
... I've read about brute force, dictionary, ... and encryption flaw attacks, and only the first two apply. ... attacks on the algorithm ALWAYS apply. ...
(sci.crypt)
• Re: external drive help
... > as big as the data you want to secure. ... brute force trial and error. ... and compromise the physical security ... I'd say this is the number one error of amateur attempts at encryption, ...
(comp.security.misc)
• Re: Permutations and calculated strength in bits
... The FNS provides a one-to-one mapping between all ... can be properly interfaced the algorithm. ... What is important about keys is that they are secure. ... The mere fact that you think this is a competition perfectly ...
(sci.crypt)