Weak Elliptic Curve Cryptography Brute-Forced
thegrommit writes "It seems one implementation of elliptic curve cryptography has been broken. It took four years to break a 109 bit key, but the contest sponsors (who provide encryption products for Cisco, Nortel and Palm among others) believe it's still impossible to break their 163 bit keys. The real question is, for how long?" Update: 11/07 01:59 GMT by T : Dan Kaminsky wrote to point out that the key here was really brute forced, and not broken -- that is, no fundamental flaw was discovered in the algorithm.
secure enough (Score:4, Insightful)
Security for the Masses (Score:5, Interesting)
RC5 took almost 5 years to crack, but take a look at the graph [distributed.net]. At the beginning of 1998 there were about 15 GigaKeys/sec. Then look at the increase.
Sure, a fair portion of the increase was also the addition of new computers, but 261 days to double is comfortably below Moore's Law. If the whole project had run continuously at 200 GigaKeys/sec, it would have taken under 2.5 years, and under two years at their reported peak rate of 270 GigaKeys/sec.
So, if we follow the 261 day doubling statistic they had, all these encryption methods seem weaker than reported. The big issue is if it's 4 years now, it's 1 year soon, and 3 months, soon after.
If the cracking power scales nearly linearly, shouldn't we make some projections on how fast we can crack this encryption in a year? In two years?
If your data is very time sensitive, then most "strong" encryptions currently available will do. If your data is, however, of a continuously sensitive nature (some corporate or government info), maybe you should be looking at the 1000+ bit keys now.
Re:Security for the Masses (Score:2, Informative)
1000+ bit keys (or larger) are mandatory for secure large-prime public key systems now, but they are overkill for elliptic curves. Adding one bit to an ECC key gives relatively more strength than adding one bit to an RSA key does; that 109 bit ECC problem is already roughly comparable to factoring a 512 to 640 bit product of large primes.
But thanks for playing anyway.
Right... (Score:3, Insightful)
What's your point?
Re:Rep:Security for the Masses . decimal . (Score:2)
Re:secure enough (Score:2)
Re:secure enough (Score:2, Interesting)
Brute-Forced != broken (Score:5, Informative)
Re:Brute-Forced != broken (Score:2, Insightful)
It WAS broken: It wasn't cracked (Score:2)
However, it wasn't cracked open. There wasn't a shortcut, a tragic flaw in the algorithm. Just time and computer power tossed at it.
Re:Brute-Forced != broken (Score:4, Insightful)
Re:Brute-Forced != broken (Score:4, Insightful)
Encrypt your data using a key large enough in proportion to the length of time it will take to brute force if someone started today with a supercomputer. Essentially it takes X amount of time to check if a key is valid; multiply that by the number of combinations and you have a rough guess. So if you want something to be safe for a longer period of time (assuming no fundamental weakness is found in the algorithm), then encrypt it with a larger key - every bit doubles the probable time to break it at current cpu speeds. Of course you have to factor in the approximate doubling of cpu speeds every 18 months... but all that really means is that if we add a bit to the key length every 18 months going forward it will continue to take just as long to break into newly encrypted data.
The fact remains that most people don't have anything that needs to be kept 'secret' for a long time anyway. Credit card numbers for online purchases? Those expire after a couple years and the amount of financial gain is not worth the time/cost to break the code. Given that you still need supercomputer equivalents to brute force this encryption it's unlikely that your neighbor is going to be reading your email anytime soon. Even at 109-bit.
Re:Brute-Forced != broken (Score:2)
Re:Brute-Forced != broken (Score:2, Insightful)
Re:Brute-Forced != broken (Score:5, Informative)
Re:Brute-Forced != broken (Score:2)
IMO, "breaking" implies that you've found an error in the algorithm or discovered a Gunter Janek-style shortcut which allows you to read the encoded information.
Re:Brute-Forced != broken (Score:2)
Difference between brute force and cryptanalysis (Score:5, Informative)
Just because brute-force is an inelegant method of breaking encryption doesn't mean it isn't valid.
Brute force just gives a baseline against which other attacks can be measured. With a brute-force break, it takes the same amount of time to break one key that it takes to break any other. With a cryptanalytic attack, on the other hand, you only need to successfully attack one key as a proof of concept; once you've expended the effort to break one key cryptanalytically, you've broken the system and probably reduced the effort to break a key by a couple dozen orders of magnitude relative to the baseline.
Re:Difference between brute force and cryptanalysi (Score:2, Insightful)
Not strictly true. It is possible that a brute-force attack will hit upon the right key at its first attempt. Or indeed, not until the last possible key in all of the keyspace. On average, though, the correct key will be found 0.5 way through the keyspace search.
Re:Difference between brute force and cryptanalysi (Score:3, Insightful)
But yes, this isn't breaking the algorithm, by any means. In fact, the contest is meant to show how infeasible a brute-force attack is against larger key sizes.
Re:Brute-Forced != broken (Score:3, Informative)
Re:Brute-Forced != broken (Score:5, Insightful)
It's a valid distinction to make, since a flawed algorithm may be unsafe at any key length.
Is my front door broken? (Score:3, Insightful)
Impossible (Score:5, Insightful)
Re:Impossible (Score:5, Informative)
Except that they didn't use the word 'impossible'... you can thank the slashdot editor for that bit of nonsense. The article actually claims it is "computationally infeasible" to break the larger keys.
Assumptions assumptions! (Score:4, Interesting)
An example of such an assumption is that it takes n log(n) time to sort a list of n elements, using the best sort possible. The proof of this is based on the compare statement. However, there are sorts that work in O(n) time, not O(n log(n)) such as a radix sort which does not use the comparison operator (a/k/a "if-then-else").
The assumptions made are that brute-force is the only way to break this code.
I don't know of any attacks on elliptic curve crypto, when implemented correctly. That doesn't mean they don't exist using different assumptions, different number systems, or different computer hardware. (Quantum computing looks very promising to destroy our complacent attitude toward "computationally infeasible" problems.)
Where have I seen this before? (Score:3, Informative)
Apple and FEE (Score:4, Interesting)
INSECURE?! LOL (Score:2, Funny)
Personally, I feel that if the CIA or NSA wishes to spend that kind of processing power just to break in my research paper notes, let them. Hell, I'll even donate my computers to the project to help them.
Re:Apple and FEE (Score:3, Informative)
"It would be about 100 million times harder (to break) than what was just done," Vanstone said. "If you could get every machine on the planet working on the problem...you're still not going to be able to touch the 163 problem."
I don't think Apple has any troubles using this key as of yet. And it's certainly not an insecure approach to OS security. The encoding of these algorithms is quite fast. This would be a good performance thing for the OS.
Re:Apple and FEE (Score:2)
Re:Apple and FEE (Score:2)
4 long years and the answer was ... (Score:5, Funny)
Some Background (Score:5, Informative)
http://mathworld.wolfram.com/EllipticCurve.html [wolfram.com]
It was also used by Andrew Wiles in 1993 to prove Fermat's famous last theorem.
http://mathworld.wolfram.com/FermatsLastTheorem.html [wolfram.com]
Enjoy!
Free software gets a share (Score:2, Informative)
Money going to good cause (Score:3, Informative)
How Long? A Loooooooong Time... (Score:4, Informative)
According to calc.exe, 4 * 2^53 years is 36,028,797,018,963,968 years. Anybody want to start working on that one?
Hello? (Score:2)
If Moore's law holds up that long, I'll eat my hat.
Re:Hello? (Score:2)
and if that's not what you meant then could you reexplain it?
even with Moore's law... if computing capacity doubles every 1.5 years.... then the equation for it would be something like 0,x integral (4 years * 2 ^ 54)/ (x/1.5)^2
where x = time taken to brute force this based on current standard, I think
Anyone know if that is right, and if so, has anyone taken calc in the last 10 years to help me figure that one out?
sorry for the terrible notation but it has been a while
Re:Hello? (Score:2)
It's precisely what I meant. Each bit doubles the number of operations. Computer speeds double every 18 months. Therefore, for computer speeds to double 54 times (in order to keep up with the keyspace doubling in size, 54 times), you need 54*18 months.
Yes yes, I appreciate your calculus, but we're talking rough estimates here :) And that would only apply if your computer smoothly transitioned and somehow became faster and faster at the rate of Moore's law.
In any case, it's certainly different from billions of aeons!
Re:Hello? (Score:2)
you are basically saying that every 18 months the equivalent of one bit of difficulty is removed so you have the 54*18 and then have the extra four years of figuring out the current 109 key alright
anyway I was basing my system on the distributed computing method assuming an even upgrade pattern with nil participant growth
thanks for the clarification.. would still love to know the answer to the calc problem
Re:Hello? (Score:2)
I think it's integral from 0 to a for that equation solve for what value does a need to be for the integral to = 2^58
Re:Hello? (Score:2)
Re:Hello? (Score:3, Insightful)
Re:Hello? (Score:2)
Got an answer to the calc question?
Re:Hello? (Score:2)
roughly... 2^54 / 2^(n/1.5) = 4 * (2^(4/1.5))
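Added worked example (not part of any comment above): the integral asked about in this sub-thread has a closed form, because with capacity doubling every d years the work done by year T is (d / ln 2) * (2^(T/d) - 1) in today's machine-years, which can be solved for T. The 4-year baseline and 18-month doubling are the thread's figures; the square-root case is an addition reflecting that the generic attack on elliptic-curve discrete logs (Pollard's rho) costs about the square root of the group size, so 54 extra bits cost roughly 2^27, in line with the "100 million times harder" quote elsewhere on this page.

```python
import math

DOUBLING_YEARS = 1.5   # the thread's Moore's-law figure
BASELINE_YEARS = 4.0   # the thread's figure for the 109-bit effort


def hardness_factor(bits_from, bits_to, sqrt_attack):
    """How many times more work the larger key needs.

    sqrt_attack=False: each extra bit doubles the work (the thread's model).
    sqrt_attack=True:  work grows as sqrt(group size), as with Pollard's rho.
    """
    extra = bits_to - bits_from
    return 2.0 ** (extra / 2 if sqrt_attack else extra)


def years_with_growth(hardness, baseline_years=BASELINE_YEARS,
                      doubling_years=DOUBLING_YEARS):
    """Start today and upgrade continuously.

    Work needed = hardness * baseline_years            (today's machine-years)
    Work done   = integral_0^T 2**(t/d) dt
                = d / ln2 * (2**(T/d) - 1)
    Setting them equal and solving for T gives the line below.
    """
    d = doubling_years
    work = hardness * baseline_years
    return d * math.log2(1.0 + work * math.log(2) / d)


def years_wait_then_run(extra_doublings, baseline_years=BASELINE_YEARS,
                        doubling_years=DOUBLING_YEARS):
    """The 'doublings * 18 months, plus the original run' estimate:
    wait until hardware has caught up, then spend the baseline time."""
    return extra_doublings * doubling_years + baseline_years


def years_numeric(hardness, baseline_years=BASELINE_YEARS,
                  doubling_years=DOUBLING_YEARS, dt=0.001):
    """Midpoint-rule integration of the same model, as a cross-check."""
    target = hardness * baseline_years
    done, t = 0.0, 0.0
    while done < target:
        done += 2.0 ** ((t + dt / 2) / doubling_years) * dt
        t += dt
    return t


if __name__ == "__main__":
    for label, sqrt_attack in (("one bit = 2x work", False),
                               ("square-root attack", True)):
        h = hardness_factor(109, 163, sqrt_attack)
        doublings = math.log2(h)
        print(f"{label}: factor 2^{doublings:.0f}, "
              f"start now: {years_with_growth(h):.1f} y, "
              f"wait then run: {years_wait_then_run(doublings):.1f} y")
```

Starting now always beats waiting, but only by a few years: almost all of the work is done in the last couple of doubling periods.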
Don't forget computer processors speed up too... (Score:2)
How long would it have taken if they just started this year on today's hardware?
With the introduction of faster chips and memory, it might only take another 4 years.
Re:How Long? A Loooooooong Time... (Score:2)
It took the power of 10,000 computers running around the clock for 549 days, coupled with the brain power of a mathematician at Indiana's University of Notre Dame, to complete one of the world's largest single math computations.
Calc.exe says that's 1.50 years, with 10,000 systems (no mention of CPU speed or configuration). The contest started four years ago, but Notre Dame didn't start participating until almost two years ago.
Furthermore, today's Pentium 4 2.8 GHz (or Athlon XP if you prefer) is far more powerful than the <=1 GHz CPUs available around the time that these systems were constructed. The article's short on details, so it doesn't mention if the systems were SMP-configured, or if they were all single-CPU nodes.
This was a brute force attack as well - You can always decrease the time by throwing more computing power at it.
The number *is* still incredibly huge, but not quite as huge as you say.
Re:How Long? A Loooooooong Time... (Score:5, Informative)
The following is one of the better articles on this subject:
A. Lenstra and E. Verheul, "Selecting Cryptographic Key Sizes," [springer.de]
Journal of Cryptography, v. 14, 2001, pp. 255-293.
A PDF file of the article can be downloaded here [future.co.kr].
Re:How Long? A Loooooooong Time... (Score:2, Insightful)
No code is impossible... (Score:4, Insightful)
Just add a bit, and suddenly you've pushed off the efficiencies gained by moore's law for another 18 months. By going to 163 bits, you've got a good 80 years before that key can be broken in the same time as this 109 bit key. Frankly I wouldn't be too worried about that problem.
As long as your crypto is good enough to make it too expensive to crack for those who might want to crack it, you've got no worries. And I don't see a lot of people out there able to throw together the 10K computers to crack a key who also don't mind wasting almost two years on the effort.
Re:No code is impossible... (Score:2)
You're going to need a good number of supercomputers about the level of IBM's upcoming Blue Gene system to even think about attempting a crack of 163-bit "elliptical code."
Re: No code is impossible... (Score:2)
> Just add a bit, and suddenly you've pushed off the efficiencies gained by moore's law for another 18 months. By going to 163 bits, you've got a good 80 years before that key can be broken in the same time as this 109 bit key.
I'm not familiar with the relevant statistics, but it may be the case that the number of computers that we can usefully cluster together is also growing exponentially, in which case our cracking speed is actually growing at O(e^{e^t}). I would guess far less than 80 years before a brute force attack works against 163 bits.
Re:ALMOST no code is impossible... (Score:2, Informative)
Re:No code is impossible... (Score:2, Informative)
There is no such thing as a crypto key that is impossibile to crack. What it comes down to is how improbably it is to crack it. In this example, it took 10,000 computers 549 days to crack it and it's only 109 bits. At 163 bits, that's a doubling in difficulty for ever (sic) additional bit.
Just add a bit, and suddenly you've pushed off the efficiencies gained by moore's law for another 18 months. By going to 163 bits, you've got a good 80 years before that key can be broken in the same time as this 109 bit key. Frankly I wouldn't be too worried about that problem.
As long as your crypto is good enough to make it too expensive to crack for those who might want to crack it, you've got no worries. And I don't see a lot of people out there able to throw together the 10K computers to crack a key who also don't mind wasting almost two years on the effort.
There are lots of organizations with 10,000 computers, or more. There are distributed systems like SETI which could put a million computers on this problem. People can improve the algorithms used to attack the problem.
I doubt it'll be 80 years before 163 bit is brute forced.
Quantum? (Score:2)
So you can break it, but everyone will know you did, ie: you can't eavesdrop.
Quantum Crypto and OTP (Score:5, Informative)
Messages encrypted with an OTP have been deciphered in the past, but not from any mathematical failing- people simply failed to correctly follow the rules.
1. You need a random process to generate the pad. This means random, not pseudorandom. Admittedly, modern pseudorandom number generator algorithms are very complex, and trying to reverse engineer (hey!) a PRNG from just a stream of outputs would be a mammoth task. Rules are rules, however complex- if your pad is pseudorandom, your cipher will only be pseudo-uncrackable. The Enigma produced very complex keys with a convoluted series of rules, but if you know how an Enigma works, as the Brits did, you can use the ciphertext to help find the key, and then decipher the entire message. This is one area where quantum mechanics fits in- lots of nice random phenomena arise naturally from quantization- I'll get back to that. Also, the key on the pad must be as long as the message you wish to encode- if you try to encode a 2000-character message by using a 1000-character key two times, your security is no longer guaranteed.
2. Only use each key on the pad once. That's why it's a one-time pad. If you use the same key more than once, you remove the randomness, and create a pattern that can help the cryptanalyst. Deciphering will still be difficult- but if you wanted difficult, you could have just used triple-DES or RSA or elliptic curve crypto- those are all varying degrees of difficult. You want impossible.
OTP is unbreakable, if you follow the rules- but the rules are really hard to follow. You need random processes, and once you have these neat pads, you face the Key Exchange Problem- if you have an agent out in the field that you'd like to communicate with, and you must communicate in an absolutely secure fashion, you must get a copy of the one-time pad to the agent- it's the only thing that will decipher your messages. However, you can't just pick up the phone and relay the contents of the pad to your agent- the enemy might be bugging your phones- and hilarious hijinks will no doubt ensue when the enemy uses your insecurely transmitted pad to read your secure encrypted messages. Encrypting transmission is a good idea, but you can't use OTP to send the first OTP to the agent- how will the agent decrypt his encrypted pad? The classic analogy is that you're trying to send a key (think physical, lock-opening key) in a locked box that only the key inside the box can open. You could encrypt the key with hardass public key crypto, say 1024-bit RSA, but that isn't unbreakable in the same now-and-forever sense as OTP. It would be vulnerable to quantum computers, and vulnerable to any computer if someone discovered a polynomial time algorithm for prime factorization of really gigantic numbers, or if I win a Clay Mathematics Prize for proving P=NP. You could of course do what the government does for secure key distribution- send couriers carrying OTPs directly to the agent in the field. This is an expensive, difficult, dangerous method, so better ways were searched for.
This is of course where Quantum Cryptography comes in. Photons all have specific polarizations. You can send a stream of randomly polarized photons through a polarizing filter, and photons with the same polarization angle as the filter will pass, while those with a polarization rotated 90 degrees with respect to the filter are blocked. What then happens to photons that have some intermediate angle? On the macroscale, we can say that the intensity of the light is a function of the angle, and infer that at a 45 degree tilt, 1/2 of the light is blocked, and 1/2 passes through. Enter Quantum Mechanics. It is fairly obvious to see the effect that polarizing filters have on a large scale quantity of light, but what about individual photons? Since the intensity of light at a 45 degree angle is 1/2 its normal value, one can infer that one half of the photons with a 45 degree polarization pass through, while one half are blocked. Simple enough. But if you send just one photon through with a 45 degree polarization, can you determine whether it will pass through? The answer, surprisingly enough, is no. You cannot determine whether a photon will pass through, and you will not know whether it passed through until it hits (or fails to hit) a detector on the other side. Can't determine? That makes it a random process, perfect to set up an OTP. It happens to have some interesting side benefits as well. Since the possibilities are pass and blocked, two possibilities- a string of photons sent at the filter produces a random binary string of 1's (passed) and 0's (blocked). There is another fascinating benefit- if someone tries to sit in the middle of the photon stream and determine photon polarization, their eavesdropping will be evident- by checking the polarization of a photon in transit, they change the value of the polarization.
All two people using quantum crypto need to do is confirm a few values that were sent (this can be done insecurely, since these values will not actually be used in the cipher pad)- if they match up, then send the message, encoded with the OTP, if not, someone is eavesdropping, and so discard the pad. It's a lot more complex than that, of course, but that's the general idea- you can use QC to generate a one-time pad, and then send it in such a way that you know whether or not you're being spied on.
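Added example (not part of the comment above) of the pad-length and use-once rules it lists: a pad object that refuses to hand out the same bytes twice, and a check of what leaks when a key is reused, namely the XOR of the two plaintexts, with the key cancelled out entirely. `OneTimePad`, `reuse_leak` and the sample messages are constructed for this illustration, and `secrets.token_bytes` (an OS CSPRNG) only stands in for the truly random source that rule 1 requires.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Hands out pad bytes strictly once (hypothetical helper)."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = 0

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._used

    def apply(self, data: bytes) -> bytes:
        """Encrypt or decrypt `data` with the next unused pad bytes."""
        if len(data) > self.remaining:
            # Pad too short for the message: stop rather than wrap around.
            raise ValueError("pad exhausted: refusing to reuse key material")
        chunk = self._pad[self._used:self._used + len(data)]
        self._used += len(data)
        return xor_bytes(data, chunk)


def reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """What an observer holds after one key encrypts two messages.

    c1 XOR c2 = (p1 XOR k) XOR (p2 XOR k) = p1 XOR p2
    """
    return xor_bytes(xor_bytes(p1, key), xor_bytes(p2, key))


def demo() -> dict:
    # Constructed sample messages, both 25 bytes long.
    m1 = b"MEET AT DAWN BY THE RIVER"
    m2 = b"HOLD POSITION UNTIL NOON!"

    # Stand-in for a truly random pad; both parties hold a copy.
    pad = secrets.token_bytes(len(m1) + len(m2))
    sender, receiver = OneTimePad(pad), OneTimePad(pad)

    c1, c2 = sender.apply(m1), sender.apply(m2)
    roundtrip = (receiver.apply(c1), receiver.apply(c2)) == (m1, m2)

    # A third message would need pad bytes that are already spent.
    try:
        sender.apply(b"ONE MORE")
        exhausted = False
    except ValueError:
        exhausted = True

    # Break rule 2 on purpose: same 25 key bytes for both messages.
    leak = reuse_leak(pad[:len(m1)], m1, m2)
    return {
        "roundtrip": roundtrip,
        "exhausted": exhausted,
        # The leak does not depend on the key at all.
        "leak_is_key_independent": leak == xor_bytes(m1, m2),
        # Knowing (or guessing) one message exposes the other.
        "second_message_recovered": xor_bytes(leak, m1) == m2,
    }


if __name__ == "__main__":
    print(demo())
```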
Even if it was "broken" ... (Score:5, Insightful)
Re:Even if it was "broken" ... (Score:2, Insightful)
It seems to me that encryption has little value for long term security. Encryption won't stop a thief from breaking in and absconding with one's files. It may deter them electronically but not physically. At that point, it doesn't matter how many times you've refreshed the keys on your files since you won't have another opportunity to do so. The thief could have all the time they want to crack the code.
If you want to get your data from point A to point B and have some assurance that no one has peeked at it or modified it, then encryption is a wondrous thing. If you want to keep something a secret for many years, then you need a concrete bunker!
My $0.02. Your mileage may vary.
Re:Even if it was "broken" ... (Score:2)
True, but you can have as much physical security as you think you need (or can afford). Plus, if it takes someone a year and a half to decode your data, you have a fair bit of time to do whatever damage control is necessary. Also, if you did something like say cut up all the bytes of your data and separate them into eight files and then encrypted each file individually, it would take that much longer to crack, esp if all those files were stored in different locations (one can of course dream of multiple ways to make the problem near impossible to deal with).
Re:Even if it was "broken" ... (Score:2, Insightful)
clarification (Score:2)
Re:Even if it was "broken" ... (Score:2)
Duplicate article... (Score:5, Informative)
Whats so hard about 163-bit? (Score:2, Insightful)
Re:Whats so hard about 163-bit? (Score:2, Insightful)
Re:Whats so hard about 163-bit? (Score:3, Insightful)
Assuming Moore's Law roughly holds, that's about lg(54) * 1.5 = 11.5 years before systems can break this thing in four years.
Now, that's actually a little shorter than one might like, and more importantly, it doesn't leave as much breathing room as one might like if more holes are found, but...
Re:Whats so hard about 163-bit? (Score:3, Informative)
The point is, a code with, say, 1024-bit keys may only give you, say, a 700-bit keyspace.
Broken Elegantly vs Broken By Brute Force (Score:2, Insightful)
Re:Broken Elegantly vs Broken By Brute Force (Score:2, Insightful)
Not correct. One time pads are secure forever, as long as the pad is protected from compromise.
Arms race (Score:4, Insightful)
Re:Arms race & Quantum Computers (Score:2)
While it might be possible that a certain algorithm can be cracked exponentially faster with a quantum computer, you still have to find that algorithm. RSA is dependent on factoring large numbers, and is weak against quantum computers due to Shor's algorithm, but that doesn't imply all public key cryptography is.
As far as I'm aware nobody has conclusively determined whether or not quantum computers will be able to break elliptic curve cryptography any faster than classical computers, but there are algorithms (based on coding theory) which have been proven to be just as secure against quantum computers as they are against classical computers.
Re:Arms race & Quantum Computers (Score:2)
I am a bit curious as to how they proved this exactly since AFAIK no quantum computer (to date) has ever achieved stability.
Otherwise though great comment, and thank you for pointing out the fact that quantum computers are not the end all point, as your conclusions and speculations prove my point wonderfully- cryptography is nothing more than an arms race, there will always be someone, somewhere that will take the next step forward, be it creating a nifty new algorithm or figuring out how to break the latest nifty algorithm.
4 years? (Score:5, Funny)
Mod this guy up as Funny (Score:2)
"How long" is the question... (Score:4, Interesting)
Purists will argue against that idea, but I am being realistic here.
163-bit keys will begin to break when... (Score:2, Insightful)
too new... to say impossible. (Score:5, Insightful)
More info (Score:2, Redundant)
can anyone help me figure this one out? (Score:2)
assuming the key is 54 bits longer and therefore 2^54 times harder to brute force. How long would it take to solve if you started now and included Moore's law?
even with Moore's law... if computing capacity doubles every 1.5 years.... then the equation for it would be something like 0,x integral (4 years * 2 ^ 54)/ (x/1.5)^2
where x = time taken to brute force this based on current standard
I think
anyone know if that is right, and if so, has anyone taken calc in the last 10 years to help me figure that one out?
sorry for the terrible notation but it has been a while
It's *NOT* broken!!! (Score:4, Insightful)
What happened is they brute-forced a 109-bit key. That's a small key. The minimum used in this company's product is 163 bits. While I wouldn't call this "impossible," it certainly is computationally secure for several years, and that's the minimum size.
When distributed.net cracked the 64-bit RC4 key, you didn't hear anyone saying "Oh no! OFB stream ciphers are broken!" That's about what this article amounts to: they brute-forced a small key, and
A little math (Score:2, Redundant)
I mean, it's one thing if you don't know if it can be done, then you get the thrill of proving it can be done, but if you're just brute-forcing the damn thing, which it sounds like what happened here, then all I can say is, what a waste.
Something most fail to realize (Score:2)
This is the first and only person to break their 109-bit key. They took over 500 days with 10,000 computers worth of power. This is by no means an average time or even the upper limit of the time necessary.
You *could* crack the 109-bit key tomorrow if you started in the morning and your 10th inputs were somehow lucky enough to be the right ones. Or, you could start tomorrow and have it take 10 years instead of 2. The more important thing is: of the 109-bit possibilities (2^109?), how many did the 10,000 computers have to go through in 500+ days to finally reach the correct inputs?
Until we truly do have *impossible*-to-beat encryption, we still have to rely on making higher and higher improbabilities to reduce the chance that someone could stumble onto the correct input to break even 1024-bit encryption in a day.
Perfect encryption (Score:2)
Re:Perfect encryption (Score:2)
Of course, that also doesn't take into account the non-randomness of the created pad (I misplaced my quantum event counter...).
Maybe it'd be better if I said "until we have a truly impossible to break encryption system that is worth using for realistic situations...".
"As a practical person, I've observed that one-time pads are theoretically unbreakable, but practically very weak. By contrast, conventional ciphers are theoretically breakable, but practically strong." - Steve Bellovin (taken from http://www.ranum.com/pubs/otpfaq/index.htm )
Here's an idea: (Score:4, Interesting)
There are plenty of nontrivial engineering problems out there, especially when you take a trip into thermodynamics and fluid flow. Let's solve those. Or sequence the human genome to grow an extra arm or something. Or better yet, let's put the computing power of mankind to work to randomly generate a script for Episode 3 that won't make us want to beat Lucas senseless with our plastic lightsabers. Why can people scrape together all these prizes for pointless pseudo-intellectual drivel but nobody can get some money behind something worthwhile, or at least interesting?
Here's an idea: Instead of using distributed computing for all this junk science, let's start a central distributed network. This network would have a basic interface element for all the major OS configurations, and would be able to update from the web with whatever mathematic formula and trial space it was supposed to run at a given time. Everyone everywhere could download the client, and set it up to run with whatever processor load they wanted, update on a schedule, maybe vary processor load on a schedule so it works extra hard when you're not using the system. Not much of an interface really. Then some organization, say the NSF or better yet an international science conglomerate, could allot portions of the system load to projects they deemed worthy, depending on complexity and value. The cost is basically nothing, in fact since you could get somebody on the planet to write the code for free one weekend, and the bandwidth would likely be rather low, you would most likely not be talking about the cost of funding a minor research project. Users could still run other distributed clients if they wanted, and the system would be completely voluntary. But it would attract a lot of attention and users, do some good for mankind, and direct our computing power in positive directions.
Weak Elliptic Curve Cryptography Broken (Score:3, Insightful)
Re:Weak Elliptic Curve Cryptography Broken (Score:2, Interesting)
Think of EMP shielding (Score:4, Interesting)
"Give me a big enough hammer and a place to stand and I can break practically anything"
-Archimediocrates
Re:Think of EMP shielding (Score:2)
-Gallagher [gallaghersmash.com]
So? (Score:3, Insightful)
4 years THEN... (Score:2)
and should we be using 218 bit keys for data that should be secure for more than 4 years?
<HUMOR>maybe we should have the cia encrypt and submit to the public domain all of their classified information. said info would be encrypted with key lengths appropriate for the amount of time they wish the data to be hidden. that would ensure that we all get to know what really happened, safely after those who are at fault have retired and entered hiding somewhere us courts can not punish (like winona ryder's [go.com] house.
Though the charges can carry a prison term of up to three years, it is unlikely that Ryder will be sentenced to jail time.)</HUMOR>
mistaken math (Score:4, Informative)
every time you increase the bit length by 1, it doubles the brute processing time it takes to crack it. A 219 bit key is 109 bits longer than a 109 bit key, therefore it would take 2^109 = 6.4903710731685345356631204115251e+32 times as long to crack it. If I recall correctly, the reason why you sometimes see huge keys that are 1024 or 2048 bits long is the possibility that a weakness is found in the encryption technique that makes it a lot faster to brute force the key.
219 is 109 more than 109? (Score:3, Funny)
Kjella
$4 billion of computing? (Score:2)
What are the trade offs of adding bits (Score:2, Interesting)
No 'impossible' to see (Score:2)
'Impossible' is the wrong word to use when it comes to cryptography.
Perhaps that's why that word is nowhere in the text linked to.
It's exactly the attitude not to have, if you care about security.
Re:obscurity (Score:2)
Re:(OT) Slashdot is an English language board (Score:4, Informative)
Why? What good does that do? But since you care, it's in Luo [ethnologue.com], and is just copied from jaluo.com [jaluo.com]. Not that that helps you understand what it says...
Re:(OT) Slashdot is an English language board (Score:2)
I have no idea... I just found the page by doing a Google search on some of the words. Like I said, knowing what language it's written in doesn't help in understanding it.