Re: GPG's vulnerability to brute force

2014-05-16 Thread MFPA
Hi


On Thursday 15 May 2014 at 5:55:08 PM, in
mid:ac4ef92f2c0a44f147cb3fedeb2ea...@butters.digitalbrains.com,
Peter Lebbing wrote:


> Decryption using a wrench rather than a key;
> http://xkcd.com/538/  (don't forget the on-hover text!)

I guess I never hovered over the picture before.

--
Best regards

MFPA  mailto:2014-667rhzu3dc-lists-gro...@riseup.net

If you save the world too often, it begins to expect it


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GPG's vulnerability to quantum cryptography

2014-05-16 Thread Michael Anders
On Wed, 2014-05-14 at 22:26 +0200, gnupg-users-requ...@gnupg.org wrote:
> If you want to run the temperature lower than the ambient temperature
> of the cosmos (3.2K), you have to add energy to run the heat pump --
> and the amount of energy required to run that heat pump will bring
> your energy usage *above* that which you would've had if you'd just
> run it in deep space at 3.2K.

Now where did you calculate that from?
In fact arriving at a realistic estimate for the energy needed to brute
force AES is really hard work. (Besides: who can say for sure that we
cannot get some bits from cryptanalytic progress? Two bits have already
crumbled. The cracking of DES was indeed a combination of analyzing
some bits and then finishing up the rest by brute force.)

IMHO you can run the calculations entirely at low temperature, whatever
technology you use to get there. Then you only need contact with the warm
world once to transmit the result (for negligible effort!).

Look at it this way: a hypothetical nuclear organism in the sun might
communicate with us about a result we calculate for it in order to crack
some stellar cryptosystem.
This doesn't force us to heat our computers to 1 K and burn all this
energy needed for calculating at high temperature. We could e.g.
communicate the result to that being via pulsed gamma rays.

These discussions tend to get an interesting quasi-religious setting:

1.) We don't have anything other than AES (At least many people think
so.)

so one type of character says: We don't have anything else so it must be
safe and we must defend that conviction against heresy.

the other type (me) is equally mazed and says: They don't want to give
us anything else, so it must be unsafe. Relying on them is heresy...

Maybe I should switch sides entirely and go with the very practical
asbestos longjohns. I really like the picture :-)




Re: GPG's vulnerability to quantum cryptography

2014-05-16 Thread Robert J. Hansen
> Now where did you calculate that from?

$dS = \frac{\delta Q}{T}$

Second Law of Thermodynamics, which you just broke.  Have a nice day.

And no, I am not going to explain this further.  My reason for this is
simple: you need to take college-level courses in differential and
integral calculus, partial differential equations, statistics, and
statistical physics in order to get in-depth here.  This is a mailing
list, not the first two years of university.

But, just so you don't think I'm pulling this out of nowhere:

http://en.wikipedia.org/wiki/Limits_to_computation

Look at bullet point two.

> IMHO you can run the calculations entirely at low temperature, whatever
> technology you use to get there. Then you only need contact to the warm
> world once to transmit the result(for negligible effort!).

You're entitled to your opinion, but not your own facts.  You are
claiming you can violate the Second Law.  My response: prove it.



Re: GPG's vulnerability to quantum cryptography

2014-05-16 Thread Robert J. Hansen
> Now where did you calculate that from?

Forgot one more reference -- look at Schneier's _Applied Cryptography_,
where he talks about the physical limits of the cosmos.  He has a
physicist's error in his presentation (he's off by a factor of ln 2),
but he confirms the Second Law necessity of a heat pump that would
offset any benefit from running at a lower temperature.

(By a physicist's error, physicists think of hypothetical computers
that run in base e [2.71828], while computer scientists think of real
ones that run in base 2.  A physicist's hypothetical computer needs kT
joules to clear a nat, while a real computer uses kT ln 2 to clear a
bit.  Schneier's text talks in terms of bits, but he does the math in
terms of nats ... which makes a kind of sense, given he has a graduate
degree in physics.)

Now, can we put this ridiculous talk of "of course we can break the
Second Law!" to rest?

If someone points out to you that your pet theory of the universe is in
disagreement with Maxwell's equations -- then so much the worse for
Maxwell's equations.  If it is found to be contradicted by observation
-- well, these experimentalists do bungle things sometimes.  But if your
theory is found to be against the second law of thermodynamics I can
give you no hope; there is nothing for it but to collapse in deepest
humiliation.

-- Arthur Eddington



Re: gnupg smartcard on boot for LUKS on sid debian howto ?

2014-05-16 Thread tux . tsndcb
Hi all,

I answer myself: after many, many tests, it isn't actually possible to
do it under Debian sid. The root cause is a bug in systemd:

Debian Bug report logs - #618862
systemd: ignores keyscript in crypttab

link here : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618862

Best Regards



Re: GPG's vulnerability to quantum cryptography

2014-05-16 Thread Peter Lebbing
On 16/05/14 14:37, Michael Anders wrote:
> In fact arriving at a realistic estimate for the energy needed to brute
> force AES is really hard work. (Besides: Who can say for sure that we
> cannot get some bits from cryptoanalytic progress(two bits already
> crumbled).

You cannot get bits of cryptanalytic progress for brute-force.
Brute-force is by definition completely independent of such things.

And nobody here claimed a realistic estimate. All that was claimed was a
lower bound.

> 1.) We don't have anything other than AES (At least many people think
> so.)

What does the specific cipher used have to do with anything? Since I
don't see where in the thread you replied, I'm not sure whether we're still
debating quantum cryptography or whether we're discussing brute-forcing.

Quantum cryptography was only discussed relating either to asymmetric
crypto, which AES isn't, or in relation to Grover's algorithm, which is
used to brute-force an algo.

When brute-forcing, the choice of algorithm is irrelevant by definition.
AES is simply used as an example, but the stuff discussed so far would
go for any symmetric algorithm with a 128-bit key. Only the number of
bitflips per trial would vary, which was never really established
anyway, but tentatively put at quite a lot.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://digitalbrains.com/2012/openpgp-key-peter

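A worked version of the lower-bound arithmetic that Hansen (kT ln 2 per bit, kT per nat) and Peter (2^128 trials, an unsettled number of bit flips per trial) are arguing over. This is an example added here, not code from any message in the thread; the temperatures (3.2 K and 300 K) are the ones quoted upthread, the Boltzmann constant is the CODATA value, and the erasures-per-trial figure is a free parameter because the thread never pinned it down.

```python
import math

K_B = 1.380649e-23   # Boltzmann constant in J/K (CODATA 2018 exact value)
LN2 = math.log(2)


def landauer_cost_j(temp_k: float, nats: bool = False) -> float:
    """Minimum heat liberated by one irreversible erasure at temperature T.

    A computer scientist's bit costs kT ln 2; the physicist's nat costs kT,
    which is the factor-of-ln 2 discrepancy Hansen attributes to Schneier.
    """
    return K_B * temp_k * (1.0 if nats else LN2)


def brute_force_bound_j(key_bits: int, temp_k: float,
                        erasures_per_trial: int, nats: bool = False) -> float:
    """Landauer lower bound on the heat released by exhaustive key search.

    Assumes each of the 2**key_bits trials irreversibly discards at least
    `erasures_per_trial` bits (a free parameter: the thread never settled it,
    and Leo disputes whether a trial must discard any). Cryptanalytic
    shortcuts are excluded on purpose: this is pure brute force.
    """
    trials = 2 ** key_bits
    return trials * erasures_per_trial * landauer_cost_j(temp_k, nats)


def seconds_at_power(energy_j: float, power_w: float) -> float:
    """Time a constant-power source needs to deliver `energy_j` joules."""
    return energy_j / power_w


if __name__ == "__main__":
    for temp in (3.2, 300.0):   # deep space vs. a room-temperature lab
        e = brute_force_bound_j(128, temp, erasures_per_trial=1)
        print(f"128-bit key, 1 erasure/trial at {temp:5.1f} K: "
              f"{e:.3e} J = {e / 1e15:.1f} PJ, "
              f"{seconds_at_power(e, 1e9) / 86400:.0f} days of a 1 GW reactor")
```

Even at 3.2 K with a single erasure per trial the bound is about 10 PJ, i.e. roughly 120 days of the 1 GW reactor Leo mentions; at 300 K it is 93.75 times larger.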


Re: GPG's vulnerability to quantum cryptography

2014-05-16 Thread Robert J. Hansen

> Quantum cryptography was only discussed relating either to asymmetric
> crypto, which AES isn't, or in relation to Grover's algorithm, which is
> used to brute-force an algo.


Peter is correct, but a little clarification may be in order.   
Grover's is not a brute-forcing algorithm: it's a search algorithm.   
To turn Grover's into a brute-forcer you treat the entire keyspace as  
an extremely large database and you're searching through it to find  
one particular entry -- the key.  If you get into more depth in  
quantum computation you'll see Grover's appear in lots of different  
contexts.  It's an important and fundamental algorithm that has  
applicability far beyond crypto.


Let me repeat: Peter is completely correct.  I just want to make sure  
people understand that although Grover's can be used to help  
brute-force a cipher, it is not itself a cryptographic algorithm.  :)





Some broken links on the openpgp website

2014-05-16 Thread ab
Hello, I'm new to this list/community so I hope this is the place to report
such things.

* Links for list pages are broken in https://lists.gnupg.org/: there's a port
  (8002) in the urls which if you remove will take you to the correct pages.
  These links are ok in https://www.gnupg.org/documentation/mailing-lists.html

* Also, the links to the Portuguese and Japanese gnupg pages are broken in
  https://www.gnupg.org/documentation/sites.html. Pt seems to not exist
  anymore, and Jp might be going through some configuration hard times.

If this is not the place, can someone point me to the correct place to report
these?

Thanks for the nice piece of software!
ab.



Re: GPG's vulnerability to brute force [WAS: Re: GPG's vulnerability to quantum cryptography]

2014-05-16 Thread Leo Gaspard
First: I agree with everything skipped in the quotes.

On Wed, May 14, 2014 at 07:31:26PM -0400, Robert J. Hansen wrote:
> On 5/14/2014 6:11 PM, Leo Gaspard wrote:
> > BTW: AFAICT, a nuclear warhead (depending on the warhead, ofc.) does
> > not release so much energy, it just releases it in a deadly way.
>
> A one-megaton nuke releases a *petajoule* of energy.  That's a lot.
> When people start using the phrase "peta-" to describe things, I
> suddenly become very interested in their Health & Safety compliance.
> This is a petawatt laser.  This is a petawatt reactor.  This is a
> petajoule of energy.  This is Peta Wilson.[1]

Well... A nuclear reactor produces 1GW, and thus produces 1PJ in 10^6 s, that is
approx. 11 days 14 hrs. Sure, you may be very interested in Health & Safety
compliance of nuclear reactors, but...

> > * You state the energy would be released (or did I misunderstand?).
> > Wikipedia states it is "a minimum possible amount of energy required
> > to change one bit of information". So no ecological catastrophe (not
> > counting nuclear waste, CO2, etc)
>
> You're beginning to make me a little irate here: the Wikipedia page
> answers this in the second sentence of its first paragraph.  "Any
> logically irreversible manipulation of information ... must be
> accompanied by a corresponding entropy increase."
>
> Key phrase: Entropy increase.
>
> Layman's translation: Heat increase.
>
> The Landauer Bound gives not just a minimum amount of energy necessary
> to change a bit of information, but how much heat must be liberated by
> that computation.  And I repeat, this is in the second sentence of the
> first paragraph of the Wikipedia article...

Well... Currently, at a French equivalent of undergrad level (CPGE), we're
learning entropy is a theoretical quantity, that has no real-world meaning --
thus not creating heat. Actually, its unit (J.K^{-1}) does seem to validate this
interpretation: contrary to e.g. enthalpy, it's not an energy. Perhaps we are
oversimplifying, or perhaps I completely misunderstood the teachers, but if
this is true there is no heat release. OTOH there would be heat absorption
through the need to move the entropy out of the system -- provided AES is not
reversible (see below for my case against that point).

> > information on each flipped bit. Actually, IIUC, flipping a bit is a
> > reversible operation, and so the Landauer principle does not apply.
>
> Look!  A bit of information:  ___
>
> That's what it was before.  Of course, it's now carrying the value '1'.
> So, tell me: you say bit flips are reversible, so what was the value
> before it was 1?  I promise, I generated these two bits with a fair coin
> (heads = 0, tails = 1).

Well... If the operation the bit just underwent was a bitflip (and, knowing the
bruteforcing circuit, it's possible to know that), the bit was a '0'.

I believe I must have misunderstood your challenge! (Or, just coming to my mind:
maybe I was unclear: when saying "bitflip" I did not mean setting a bit, but
rather setting its value as 1 - old value.)

> Reversible means we can recover previous state without guessing.
> Current computing systems are not reversible.

I do not state that physically our processors are reversible. I do not even
state any processors might ever be, or adiabatic computers might ever exist.

I just state the theoretical application going from the set of 128-bit keys to
the set of 128-bit cleartexts (with the 128-bit ciphertext fixed) is a bijection
(or so I hope -- unless many keys produce the same ciphertext from the same
cleartext, which would be an attack on AES and ease bruteforce naturally).

As a consequence, I cannot see where a bit of information was lost, and thus
where Landauer's bound is supposed to apply. But maybe I am the one lost here!

Thanks for your previous and hopefully future answers,

Leo



Re: GPG's vulnerability to brute force [WAS: Re: GPG's vulnerability to quantum cryptography]

2014-05-16 Thread Robert J. Hansen
This is the last I will be saying on the subject.  I am not interested
in teaching a course on thermodynamics.

> Well... A nuclear reactor produces 1GW, and thus produces 1PJ in
> 10^6 s, that is approx. 11 days 14 hrs. Sure, you may be very
> interested in Health & Safety compliance of nuclear reactors, but...

But what?  This is in the same ballpark as you'd get from releasing a
half-kilogram of antimatter on the world.  It's big.  There are no
"but..."s about it.

> Well... Currently, at a French equivalent of undergrad level (CPGE),
> we're learning entropy is a theoretical quantity, that has no
> real-world meaning

There are two equivalent ways to define entropy, one using
thermodynamics and one using statistical mechanics.  When using the
statistical mechanics definition it's easy to forget you're talking
about the real world instead of just juggling around a lot of numbers
and probabilities.  When using the thermodynamic definition you get your
fingers burned and that reminds you you're talking about
*thermodynamics* -- how heat moves around in a system.

> Well... If the operation the bit just underwent was a bitflip (and,
> knowing the bruteforcing circuit, it's possible to know that), the
> bit was a '0'.

It was actually a 1.  The two bits were 1 and 1.  Knowing the second
value was a 1 is of no help whatsoever in recovering the previous state.
The previous state could have been anything.  The bit has no memory of
what it was before: that information is lost to the universe, and there
is a corresponding increase in entropy (heat) associated with it.


