> Sujing Zhou <mailto:zhou.suj...@zte.com.cn> > 25 March 2013 06:54 > > Christian Huitema <huit...@microsoft.com> 写于 2013-03-25 12:33:40: > > > > What is the pointing of adding sec since the ratio of effor > > required by attacker and user is always 2^59, as Jari argued. > > > > 2^59 is a rather large number. Everything else being equal, another > > 1 second of computation at the user translates into another 18 > > billion years at the attacker. > Agree. How about 2^56? > My question is since CGA has 2^59 as a security guarantee, why bother > increase sec? > Because as processors get faster, the relative amount of work remains constant at 2^59, but the absolute amount of processing time per operation decreases for both attacker and defender. So the absolute amount of time required to mount a successful attack also decreases over the long term.
At some point, the absolute amount of time required to mount an attack will eventually be comparable to the amount of time an address is in use, which makes attacks attractive. Eventually you either have to reduce the time the CGA address remains in use, or make the algorithm more complex for both attacker and defender [add sec]. c.f. DES -> triple DES. > > > > -- Christian Huitema > > > > > > > Christian Huitema <mailto:huit...@microsoft.com> > 25 March 2013 05:33 > > 2^59 is a rather large number. Everything else being equal, another 1 > second of computation at the user translates into another 18 billion > years at the attacker. > > -- Christian Huitema > > > > ------------------------------------------------------------------------ -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
