[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Comparing Algorithms On The List OfHard-to-brut-force?
- To: Brandon Enright <bmenrigh@xxxxxxxx>
- Subject: Re: [Full-disclosure] Comparing Algorithms On The List OfHard-to-brut-force?
- From: Andrew Farmer <andfarm@xxxxxxxxx>
- Date: Tue, 1 Nov 2005 10:55:31 -0800
On 01 Nov 05, at 10:11, Brandon Enright wrote:
Brute forcing an algorithm suggests that you are not attacking a
weakness or
known flaw in the algorithm but rather just running through the
keyspace
trying to recover the plaintext. In that case, whichever allows
you to use
the most bits is what you want.
Note that the encryption speed of an algorithm is *not* a significant
factor
in the time taken to brute-force it, except for extremely small
keyspaces!
Remember that the time taken to brute-force an N-bit algorithm that
takes K
seconds per encryption is, on average
N
K * 2
which increases much more rapidly with N than it does with K. Adding
even one
more bit will double the average time taken to brute-force an
algorithm, while
using a slower algorithm will only increase the difficulty marginally.
Also note that anything beyond 256 bits is silly. Brute-forcing a 256-
bit
algorithm can be shown to be PHYSICALLY impossible, so there's no
reason to
go anywhere beyond that.
Attachment:
PGP.sig
Description: This is a digitally signed message part
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/