| An OTP cannot be broken using brute force, so the term "perfectly secure"
| fits here, imho, at least a bit ;)

An OTP cipher would be *theoretically* impossible to crack, even given infinite
computing power.  I use the word "theoretically" here because this "perfect
security" of OTP depends on a purely theoretical perfect setting.


| Does that difference really matter for ciphers like AES or at least for
| brute-force attacks on random 256-bit keys?

The key word here is "random".  Nothing generated by your computer can generate
pure entropy, only a good representation of it.  Now if you have a computer
network at your disposal, and can get the computers working in parallel or in a
distributed manner, you will notice that tasks are completed much faster than
with one computer working on that task.  A network of supercomputers would be
able to, in a sense, work on breaking a single key at a time (assuming CBC with
keys >= blocks); then you could decrypt the message one block at a time.  I did
not say it would be very fast, just faster than many people would like to
assume.


| Still, there is a difference between the algorithm as such and a
| cryptosystem applying this algorithm.
| Btw, apart from general stuff like weak passphrases, that apply to most
| cryptosystems, really bad leaks often came from weak algorithms.  Consider
| WEP.

An algorithm is just a "recipe" - a set of steps to achieve a task.  The
implementation is the *only* thing that counts.  A weak implementation of
AES256 would lead to a weak cryptosystem, while a strong implementation would,
theoretically, lead to a strong cryptosystem.  I will state my view as a
programmer: an algorithm is next to useless without a working application that
uses it.

As an aside, let us say you use a USB thumb drive or the like to store a master
key, from which cryptographically random quality keys are derived.  There would
be two weak points in that system.  You, and the thumb drive.  If any entity
can get you, your computer and your thumb drive, your data could be decrypted
without the need for a supercomputer.


|>> Anyway, you may believe what you want to believe; I'm just reflecting
|>> what real experts like Bruce Schneier have been telling for years: it's
|>> wrong to trust simple ciphers, but it's equally wrong to believe that
|>> anything can be broken.
|> It is equally wrong to believe that any cipher is immune to attack.
| I don't, and I did not say so; things like the Debian disaster bring you back
| to reality from dreams ...

With desktop computing power and speed growing at the rate that they currently
are, does it stretch the imagination so much that supercomputer power and speed
are also growing at a similar rate?  Even if an AES256 key cannot be broken "in
a million years" by one supercomputer (*I* would like to see a citation for
that), there will soon be a time when it can be cracked in a much shorter
time - with one supercomputer.
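The OTP point made at the top of this exchange, as an added worked example (my own illustration, not code from anyone in this thread): brute-forcing a one-time pad ciphertext yields every possible plaintext, each under exactly one key, so exhaustive search learns nothing; the same code shows the "perfect setting" caveat, namely that reusing the pad leaks the XOR of the two plaintexts. The message, pad and guess values are constructed for the demo.

```python
import os
from itertools import product

def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time pad: XOR each message byte with a fresh, uniformly random pad byte."""
    if len(key) != len(plaintext):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))

otp_decrypt = otp_encrypt  # XOR is its own inverse

def all_keys(length: int):
    """Every possible pad of the given length (256**length of them)."""
    return (bytes(k) for k in product(range(256), repeat=length))

def brute_force_candidates(ciphertext: bytes) -> set:
    """Decrypt under every key: the result is *every* string of that length,
    so exhaustive search tells the attacker nothing about which one was sent."""
    return {otp_decrypt(ciphertext, k) for k in all_keys(len(ciphertext))}

def keys_yielding(ciphertext: bytes, guess: bytes) -> list:
    """Keys mapping the ciphertext to one guessed plaintext.  Exactly one exists
    for each guess, so no guess is more plausible than any other."""
    return [k for k in all_keys(len(ciphertext)) if otp_decrypt(ciphertext, k) == guess]

def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """The 'perfect setting' caveat: if one pad is reused for two messages,
    c1 XOR c2 == p1 XOR p2 because the pad cancels out, leaking the relation
    between the plaintexts.  This is why a pad must never be reused."""
    return bytes(a ^ b for a, b in zip(c1, c2))

if __name__ == "__main__":
    # Constructed demo: a 2-byte message keeps the 65536-key search instant.
    message = b"hi"
    pad = os.urandom(len(message))
    ct = otp_encrypt(message, pad)
    cands = brute_force_candidates(ct)
    print(len(cands), "distinct candidate plaintexts")  # 65536, i.e. all of them
    print(len(keys_yielding(ct, b"no")), "key(s) decrypt it to 'no'")  # 1
    ct2 = otp_encrypt(b"no", pad)  # pad reuse: the mistake the caveat is about
    print(two_time_pad_leak(ct, ct2) == otp_encrypt(b"hi", b"no"))  # True
```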


