Re: Encryption
Re: Encryption
- Subject: Re: Encryption
- From: Robert Tito <email@hidden>
- Date: Fri, 02 Jan 2004 03:08:04 +0100
Hi Shawn
If I get my hand on an encrypted (by a standard single engine) document it
takes aboutt 15-20 minutes to crack it.
It takes some more time to tackle a 512 bits document but then the problem
lies within the single engine: they are all well known and described.
If however a transaction takes place within 3 seconds who can retrieve the
file and crack it, tho when retrieved they can track any subsequent files
because they know the key. Untill that key is renewed ()most likely once a
year)
This makes you very vulnerable as organisation.
Because our product is registered I cant go into much detail but we use
polymorphic asymmetrical encryption. (with another tag upon which I cannot
elaborate)
Together that leads to the mathematical chance of 1:10^1256 for a 1 MB file.
The articles I have to look up, they are very recent and some older but they
all point in the same direction.
I will mail you personally about them somewhere next week
On 2-1-2004 2:50, "Shawn Erickson" <email@hidden> wrote:
>
On Jan 1, 2004, at 4:20 PM, Robert Tito wrote:
>
>
> Hello Nicko,
>
>
>
> While 128 bits encryption is pretty safe when used in transactions
>
> that last
>
> 1-3 seconds its not when using corporate e-mail
>
>
>
> Please read the most recent proceedings in the scientific literature
>
> that
>
> proves what I am saying.
>
>
>
> regards
>
>
>
>
>
> On 2-1-2004 0:46, "Nicko van Someren" <email@hidden> wrote:
>
>
>
>> On 1 Jan 2004, at 23:00, Robert Tito wrote:
>
>>> How well meant your advice is, and a happy new year to you, it doesnt
>
>>> give
>
>>> you status 4 in encryption, meaning top secret government level. It
>
>>> takes a
>
>>> mere 15-20 minutes to crack any single 128 bits engine so I think you
>
>>> have
>
>>> either NO knowledge about encryption and or forensic research.
>
>>> Verisign for
>
>>> instance is one of the least safest way to encrypt: the man in the
>
>>> middle is
>
>>> always possible, how hard they try to prevent it.
>
>>>
>
>>> Believe me, we have an engine that will take you 1 over 10^1256
>
>>> attempts to
>
>>> crack: good luck.
>
>>> 128 bits is cracked in no time at all.
>
>>
>
>> That's odd. I've spent half my professional life as the CTO of an
>
>> major publicly traded encryption company and somehow I had never
>
>> noticed that all the published cryptographic research in the world is
>
>> wrong and you're right...
>
>>
>
>> To date the largest symmetric encryption key publicly broken by brute
>
>> force is a 64 bit RC5 key. It took a distributed effort of thousands
>
>> of computers most of a year to do so. Breaking a 128 bit key is 2^64
>
>> time, or about 18.4 million million million times harder. While
>
>> conspiracy theorists might think that this is breakable by the spooks
>
>> the vast majority of opinion is that this is sufficient for most
>
>> applications.
>
>
I know this is basic information for Nicko because I know something
>
about his background and yield to his knowledge on this (very likely
>
far far better then mine).
>
>
Anyway I believe you are talking about two different styles of
>
encryption... Nicko is talking about symmetric ones and Robert is
>
possibly talking about asymmetric ones?
>
>
For symmetric schemes (AES/Rijndael, DES, DESede/TripleDES, , etc.)
>
much shorter keys length can yield very strong encryption while longer
>
keys, sometimes much longer, are need in the asymmetric realm (RSA,
>
etc.).
>
>
For example AES uses keys from 128b to 256b in length with 192b
>
generally the most common currently (I believe Apple's file vault use
>
AES-192).
>
>
Anyway if we talk about AES... for a 128b key that yields a key space
>
of about 3.4x10^38 keys. So to brute force that in 20 minutes as you
>
state, assuming you only have to cover half of the key space, you would
>
have to process about 1.42x10^35 keys per second. That is obviously not
>
currently possible given that fastest computers in the world perform
>
only 1x10^14 operations per second or so (not cyper/key runs a second).
>
You get very interesting, as in large, numbers when you attempt figure
>
out how much power as in electrical it would take to brute force such
>
large key spaces given current technology.
>
>
To my knowledge no announced way exists to attack AES that doesn't take
>
longer then brute forcing it. Of course the human, who generally
>
generates such keys, is the big weakness in this...
>
>
Robert, can you reference such information if you know it? Also I would
>
be interested in knowing what 128b encryption/engine you are talking
>
about that can be broken in 20 minutes (or was is it 3 seconds?) and
>
what system yields a key space (assuming that was your meaning) of
>
1x10^1256, which is very likely more, far more, keys then particles
>
(not atoms but particles) in the known universe. How long does that
>
sucker take to run a cycle? It sounds a little over kill to me...
>
>
-Shawn
>
_______________________________________________
>
cocoa-dev mailing list | email@hidden
>
Help/Unsubscribe/Archives:
>
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
>
Do not post admin requests to the list. They will be ignored.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.