Sponsorship

Posted Jan 9, 2014 19:17 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
In reply to: Sponsorship by BrucePerens
Parent article: A new Dual EC DRBG flaw

>NSA has had a lot of time to get up to speed with the issue of encryption and I think it's safe to say that they are 10 years ahead of the state of the art now and that they have a lot of custom silicon in house. People who believe that any form of algorithmic encryption protects them from NSA are self-deceived.

So NSA has enough silicon to boil oceans and explode supernovae stars? That's what is required to brute-force 128-bit and 256-bit keys.

As for algorithmic breakthroughs - even in the case of DES and differential cryptanalysis (the most well-known NSA breakthrough) the threats were mostly theoretical.

It's highly unlikely that they have a practical attack against widely-used ciphers that allows them to recover keys without using 2^80 bytes of chosen plaintext or anything similar.

Of course, NSA might certainly use careful side-channel attacks or they might be able to brute-force keys with insufficient entropy.



Sponsorship

Posted Jan 10, 2014 1:59 UTC (Fri) by BrucePerens (guest, #2510)

You are assuming that the PRNG has near-perfect entropy and that the search space is thus as large as you think it is. This might be a reasonably safe assumption, but it's less than provable. Also note that the search space for quantum computers would be the square root of the search space size for von Neumann ones.

We can only use NSA's actions to forecast their capabilities. Right now there is an effort to make encryption mandatory for every HTTP connection in the next version of the HTTP standard. The U.S. government does not seem to have the slightest interest in this activity, and it is very likely to go forward. My assumption is that they are not bothered, for some reason, and we can hope to deter corporate eavesdropping, but NSA knows something we don't.

Sponsorship

Posted Jan 10, 2014 2:06 UTC (Fri) by Cyberax (✭ supporter ✭, #52523)

>You are assuming that the PRNG has near-perfect entropy and that the search space is thus as large as you think it is.
I think that for most practical PRNGs it's not feasible to find their bias. And it's also ultimately futile because you'd have to re-do the analysis for each new version of PRNG.

Now, if we're talking about keys derived from users' input then it's a whole different story. It's very much feasible to brute-force most passwords that are easily memorable.

>This might be a reasonably safe assumption, but it's less than provable. Also note that the search space for quantum computers would be the square root of the search space size for von Neuman ones.
So just use 256-bit keys. Building a quantum computer capable of iterating through the 128-bit keyspace is very faaaar in the future if even practically possible, and it'll have the same issue with the boiling oceans.

>We can only use NSA's actions to forcast their capabilities. Right now there is an effort to make encryption mandatory for every HTTP connection in the next version of the HTTP standard.
NSA is not omnipotent. Also, it's far easier for them to force most cloud providers to provide direct taps to their internal networks.
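The arithmetic behind the three claims argued over in this thread (classical exhaustion of 128- and 256-bit keys, Grover's square-root reduction, and guessing low-entropy human-chosen passwords), as an added worked example that is not code from the thread, from LWN, or from either commenter. The physical constants are standard; the yardsticks (ocean mass and heat of vaporisation, solar luminosity and lifetime, world annual energy use) and the guess rates (1e18 key trials per second, 1e10 password guesses per second) are order-of-magnitude assumptions and are labelled as such in the code.

```python
"""Back-of-envelope cost model for brute-force key search and password guessing.

Added example, not from the thread. All physical constants are standard;
the energy yardsticks and attack rates are rough assumptions (see comments).
"""
import math

K_B = 1.380649e-23                 # Boltzmann constant, J/K (exact, SI 2019)
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Yardsticks (assumptions, order-of-magnitude only):
OCEAN_MASS_KG = 1.4e21                                  # mass of Earth's oceans
OCEAN_BOIL_J = OCEAN_MASS_KG * (96 * 4184 + 2.26e6)     # heat 4->100 C, then vaporise
SUN_OUTPUT_J_PER_YEAR = 3.828e26 * SECONDS_PER_YEAR     # solar luminosity x 1 year
SUN_LIFETIME_J = SUN_OUTPUT_J_PER_YEAR * 1e10           # ~10 Gyr on the main sequence
WORLD_ENERGY_J_PER_YEAR = 6e20                          # ~600 EJ global primary energy


def landauer_energy_j(bit_ops_log2, temp_kelvin=300.0):
    """Thermodynamic floor: 2**bit_ops_log2 irreversible bit erasures cost at
    least k_B * T * ln(2) joules each (Landauer's principle)."""
    return 2.0 ** bit_ops_log2 * K_B * temp_kelvin * math.log(2)


def years_to_exhaust(keyspace_bits, trials_per_second):
    """Wall-clock time to try every key at a given aggregate trial rate."""
    return 2.0 ** keyspace_bits / trials_per_second / SECONDS_PER_YEAR


def grover_effective_bits(key_bits):
    """Grover's algorithm finds one of N items in ~sqrt(N) oracle queries, so a
    k-bit key costs ~2**(k/2) quantum evaluations: half the bits of security."""
    return key_bits / 2


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random string of the given alphabet and length.
    Human-chosen passwords are usually far below this, since they are not uniform."""
    return length * math.log2(alphabet_size)


def seconds_to_crack(bits, guesses_per_second):
    """Time to enumerate the whole space of a secret with the given entropy."""
    return 2.0 ** bits / guesses_per_second


def summary():
    """Collect the figures the thread argues about; returns plain floats."""
    fast = 1e18   # assumed: 1e6 machines at 1e12 key trials/s each
    gpu = 1e10    # assumed: one GPU rig against a fast unsalted hash
    return {
        "aes128_years_at_1e18_per_s": years_to_exhaust(128, fast),
        "grover_aes128_years_at_1e18_per_s": years_to_exhaust(grover_effective_bits(128), fast),
        "grover_aes256_years_at_1e18_per_s": years_to_exhaust(grover_effective_bits(256), fast),
        # one bit erasure per trial (a real cipher trial needs thousands), 300 K
        "landauer_2^128_J": landauer_energy_j(128),
        "landauer_2^256_J": landauer_energy_j(256),
        # 8 lowercase letters vs. 5 words drawn uniformly from a 7776-word list
        "pw_8_lower_seconds_at_1e10_per_s": seconds_to_crack(entropy_bits(26, 8), gpu),
        "pw_5_words_years_at_1e10_per_s": seconds_to_crack(entropy_bits(7776, 5), gpu) / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name:40s} {value:.3g}")
    print(f"{'ocean boiling (J)':40s} {OCEAN_BOIL_J:.3g}")
    print(f"{'sun lifetime output (J)':40s} {SUN_LIFETIME_J:.3g}")
```

What the numbers show: at 1e18 trials per second, exhausting a 128-bit key takes on the order of 1e13 years, while the 2^64 Grover workload for the same key falls to seconds and the 2^128 Grover workload for a 256-bit key is back at 1e13 years, which is the arithmetic behind "just use 256-bit keys". The Landauer floor deserves a caveat: with one bit erasure per trial at room temperature, 2^128 trials come to roughly 1e18 J, a small fraction of one year's world energy use, so for 128-bit keys the time argument is stronger than the thermodynamic one (real trials cost thousands of bit operations and real hardware dissipates many orders of magnitude above the floor, but that margin is engineering, not physics). For 2^256 the floor alone exceeds the Sun's entire lifetime output by twelve orders of magnitude. On the password side, 8 random lowercase letters (about 37.6 bits) fall to a single GPU against a fast hash in about 20 seconds, whereas 5 uniformly chosen words from a 7776-word list (about 64.6 bits) take about 90 years at the same rate; a memorable password that is not uniformly random sits well below either figure, and a slow, salted password hash is what buys back the missing bits.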


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds