Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Comparing Algorithms On The List OfHard-to-brut-force?

From: Andrew Farmer <andfarm () gmail com>
Date: Tue, 1 Nov 2005 10:55:31 -0800
On 01 Nov 05, at 10:11, Brandon Enright wrote:
Brute forcing an algorithm suggests that you are not attacking a weakness or known flaw in the algorithm but rather just running through the keyspace trying to recover the plaintext. In that case, whichever allows you to use 
the most bits is what you want.
Note that the encryption speed of an algorithm is *not* a significant factor in the time taken to brute-force it, except for extremely small keyspaces! Remember that the time taken to brute-force an N-bit algorithm that takes K 
seconds per encryption is, on average

        N
   K * 2
which increases much more rapidly with N than it does with K. Adding even one more bit will double the average time taken to brute-force an algorithm, while 
using a slower algorithm will only increase the difficulty marginally.
Also note that anything beyond 256 bits is silly. Brute-forcing a 256- bit algorithm can be shown to be PHYSICALLY impossible, so there's no reason to 
go anywhere beyond that.

Attachment: PGP.sig
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: