Re: Cost of a brute force attack

From: jaf (seanlock27_at_hotmail.com)
Date: 10/04/04 

Date: 4 Oct 2004 10:38:49 -0700

Kelsey Bjarnason <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in message news:<pan.2004.10.04.10.37.55.797915@xxnospamyy.lightspeed.bc.ca>...
> On Sat, 02 Oct 2004 13:47:45 +0100, jaf wrote:
>
> > Hi,
> >
> > I was wondering how much it would cost to brute force 256bit Blowfish
> > encryption?
>
> With 256 bits, there are some 2^256 possible unique values. So, all we
> need to do is try 2^256 unique inputs and we're guaranteed to wind up with
> at least one that'll match.
>
> Assuming we can try, say, a billion items per second, just how long would
> that take? Approximately...
> 3671743063080802746815416825491118336290905145409708398004109 years.
>
> > I have also been confused by various comment on the net about how secure
> > Blowfish is. Some seem to say it can be cracked, or is weak, others say
> > it would take a computer billions of years to crack. Which statement is
> > more accurate?
>
> Cracking a crypto system is not a matter of brute force. It's a matter of
> looking for mathematical patterns, bits of predictability where there
> should be none, that sort of thing. Is Blowfish weak? I don't know. I
> do know that if it is, it won't be broken by brute force methods.

Thanks everyone for all the comments.

So it appears that brute force should'nt be a concern, which i guess
is a good thing for those that use it. Correct me if I'm wrong, but
can 56bit DES be brute forced? If so, is this the only method of
cracking DES? or does DES have any weaknesses which would not require
brute force?

I know DES is around 30 years old and obviously a lot of clever people
have tried to find weaknesses and haven't found any, or enough to be
able to crack it. Could i assume if no-one can crack it in 30 years,
will they ever?

Also if Blowfish could be looked upon in the same way as DES, i.e it
has no real weaknesses, it may be decades, maybe even centuries before
someone discover a way to crack it other than brute force?

Regards,

S.L

Relevant Pages

  • Re: Cost of a brute force attack
    ... > So it appears that brute force should'nt be a concern, ... Google for "deep crack". ... Google "differential cryptanalysis" ... > have tried to find weaknesses and haven't found any, ...
    (sci.crypt)
  • Re: Silly beginner questions
    ... for details on how DES - not the subset 3DES - is broken. ... elapsed time to brute force a key (typically as a function of the key ... size/space) compared to the expected lifetime use of such keys. ... force attacks for specified length of time. ...
    (sci.crypt)
  • Re: Silly beginner questions
    ... for details on how DES - not the subset 3DES - is broken. ... most of the "broken" scenarios involving brute force, ... size/space) compared to the expected lifetime use of such keys. ... force attacks for specified length of time. ...
    (sci.crypt)
  • Re: Silly beginner questions
    ... for details on how DES - not the subset 3DES - is broken. ... most of the "broken" scenarios involving brute force, ... size/space) compared to the expected lifetime use of such keys. ... force attacks for specified length of time. ...
    (sci.crypt)
  • Re: wanna do something nerdy and cool?
    ... Finally every programmer have to read the CPU-manuals. ... | private/public key systems -- university students have already proven ... | that all those popular key-based systems (like DES) can be cracked; ... Right, self-destroying keys are more tricky to crack, ...
    (alt.lang.asm)