Re: Someone said 256 bits is not enough



> So, I guess what I'm trying to say is am I missing something or does
> it sound like the guy was just flat wrong?
Probably.
The broadest consensus in the community is: 128 bits are enough to
protect for 10-30 years of likely computing evolution, 256 bits are
enough to protect data against any actually conceivable computing
evolution, in the sense that any forecast of the time for bruteforcing
a 256 bit keyspace is so far away from current computing capabilities
that it would be too daring to calculate (the further the projection
is from the present day, the more probably the scenario will differ
from today's conceivable projections).

Another thing to note is that it is very hard to remember passwords
(passphrases) with enough entropy to effectively use a 256 bit keyspace
(even a 128 bit one!), so dictionary or social engineering attacks will
probably be by far the best practical form of attack, making it quite
useless to discuss keyspace resilience to bruteforce.
Using keyfiles or biometry may raise the difficulty for opponents, but
leaves the door open to other kinds of attack, orders of magnitude
easier than bruteforcing the keyspace, like rubber-hosing, corruption,
cracking computing equipment, installing software or hardware
keyloggers, using TEMPEST-like equipment to intercept the clear text
data flow, etc. So in all probability resilience to bruteforcing the
keyspace will always be the strongest link of the security chain, the
one a good attacker is least likely to choose.
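
An added illustration, not part of the original post, of the two points made above: the expected time to brute-force a keyspace, and how long a uniformly random secret must be before its entropy matches the key size. The guess rate and the alphabets are assumptions chosen for the example.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumption for illustration: an attacker testing 10^18 keys per second.
ASSUMED_GUESSES_PER_SECOND = 1e18

# Assumed alphabets; 7776 is the size of a standard Diceware word list (6^5).
ALPHABETS = {"lowercase letters": 26, "printable ASCII": 95, "Diceware words": 7776}


def expected_bruteforce_years(bits, guesses_per_second):
    """Average years to hit the key: on average half the keyspace is searched."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def symbols_needed(target_bits, alphabet_size):
    """Fewest uniformly random symbols whose combinations cover 2^target_bits.

    Uses exact integer arithmetic to avoid floating-point rounding at the boundary.
    """
    n = 0
    while alphabet_size ** n < 2 ** target_bits:
        n += 1
    return n


def effective_bits(key_bits, alphabet_size, length):
    """Strength of a key derived from a random secret, capped by the secret's entropy.

    Human-chosen passwords are not uniform, so their real entropy is lower still.
    """
    return min(key_bits, length * math.log2(alphabet_size))


if __name__ == "__main__":
    for bits in (128, 256):
        years = expected_bruteforce_years(bits, ASSUMED_GUESSES_PER_SECOND)
        print(f"{bits}-bit keyspace: ~{years:.2e} years at the assumed rate")
        for name, size in ALPHABETS.items():
            print(f"  {symbols_needed(bits, size):3d} random {name} to reach {bits} bits")
    # A six-word Diceware passphrase feeding a 256-bit cipher key:
    print(f"6 Diceware words -> {effective_bits(256, 7776, 6):.1f} effective bits")
```
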