On Sat, Feb 19, 2005 at 03:53:53PM +0000, Dave Howe wrote:Indeed so. however, the argument "in 1998, a FPGA machine broke a DES key in 72 hours, therefore TODAY..." assumes that (a) the problems are comparable, and (b) that moores law has been applied to FPGAs as well as CPUs.I wasn't aware that FPGA technology had improved that much if any - feel free to correct my misapprehension in that area though :)FPGAs are too slow (and too expensive), if you want lots of SHA-1 performance, use a crypto processor (or lots of forthcoming C5J mini-ITX boards), or an ASIC. Assuming, fast SHA-1 computation is the basis for the attack -- we do not know that.
I am unaware of any massive improvement (certainly to the scale of the comparable improvement in CPUs) in FPGAs, and the ones I looked at a a few days ago while researching this question seemed to have pretty much the same spec sheet as the ones I looked at back then. However, I am not a gate array techie, and most of my experience with them has been small (two-three chip) devices at very long intervals, purely for my own interest. It is possible there has been a quantum leap foward in FPGA tech or some substitute tech that can perform massively parallel calculations, on larger block sizes and hence more operations, at a noticably faster rate than the DES cracker could back then.
Schneier apparently believes there has been - but is simply applying moore's law to the machine from back then, and that may not be true unless he knows something I don't (I assume he knows lots of things I don't, but of course he may not have thought this one though :)
