By: Blake
Like Schneier also said... "Attacks always get better; they never get worse." Now I don't know which Schneier to believe! Maybe the 256-bit key will eventually be brought down by A Fancy Rig or some...
View Article256 bit security and the laws of physics
Why 256 bit keys are long enough. A nice graphic explanation by Schneier why brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and...
View ArticleBy: grandsham
"He used the smallest common energy measurement, and that's 10^16 too large for the actual amounts of energy in question. And you guys want to use a unit that's another 10^6 larger?" Just me that's...
View ArticleBy: effugas
We've completed work efforts in the ~60 bits, publically anyway. In practical terms, a brute force effort between 90 and 128 bits is sufficient, maybe even less TBH. Honestly, this is not where you get...
View ArticleBy: Malor
Oh, and ergs versus joules is an extremely silly complaint, since the scales are so tiny. He used the smallest common energy measurement, and that's 10^16 too large for the actual amounts of energy in...
View ArticleBy: Malor
It's also worth pointing out that, in cases where the attacker has access to the encrypted keystore, the password used for that encryption, and that separate encryption algorithm, may be enough weaker...
View ArticleBy: dirigibleman
also, can we talk about how silly it is that Schneier decided to use ergs as his unit of energy for his example? because it's pretty silly. The astrophysical community tends to use ergs (and cgs units...
View ArticleBy: deathpanels
If it's legal to use a crypto method and talk about it on Metafilter, I assume the NSA already has a backdoor.
View ArticleBy: grandsham
Nelson: "Here in the real world, almost every older crypto algorithm has been broken so that the work required is much less than brute forcing the whole keyspace. DES' 56 bit keys, for instance, have...
View ArticleBy: IAmBroom
JHarris: One thing is, for many purposes, it's actually not desirable to have perfect, forever-uncrackable security. Like if you encrypted your files, forgot your password, and need to recover the...
View ArticleBy: Nelson
I'm confused why a quote from a 15 year old book is suddenly a Metafilter post. But the framing is misleading. As TheyCallItPeace notes, this little thermodynamic argument only applies if all 256 bits...
View ArticleBy: introp
Quantum computers absolutely follow the laws of thermodynamics. They are of normal matter and time.
View ArticleBy: euphorb
I'm not sure if he was being facetious, or not, but computers are already "built from something other than matter and occupy something other than space". D-wave sells quantum computers right now. The...
View ArticleBy: dhartung
Like if you encrypted your files, forgot your password, and need to recover the system, you can easily hose yourself that way. Silly, that's what Post-Its are for.
View ArticleBy: introp
also, can we talk about how silly it is that Schneier decided to use ergs as his unit of energy for his example? because it's pretty silly. Whatchoo got against ergs? Ergs is just joules for tiny people.
View ArticleBy: Herodios
until computers are built from something other than matter and occupy something other than space. Just give away the plans for iPhone 7, why don't you. Well more or less, yes. I have it on the best...
View ArticleBy: grandsham
also, can we talk about how silly it is that Schneier decided to use ergs as his unit of energy for his example? because it's pretty silly.
View ArticleBy: hoyland
So while it is a nice argument, it does not address the main issue with pretty much any cryptosystem aside from a one-time pad: they rely on functions that are easy to compute in one direction, but...
View ArticleBy: grandsham
TheyCallItPeace: "This argument works under the assumption that brute-force search over the entire key-space is the most viable attack. No cryptosystem to date, aside from a one-time pad, has been...
View ArticleBy: rongorongo
Approaching the notion of strong security from the perspective of Psychology rather than Physics, I liked Hristo Bojinov's proposed countermeasure to rubber hose cryptanalysis: passwords based on...
View ArticleBy: TheyCallItPeace
This argument works under the assumption that brute-force search over the entire key-space is the most viable attack. No cryptosystem to date, aside from a one-time pad, has been proven to have that...
View ArticleBy: ubernostrum
Expanding on eriko's comment: it's not just that he's only talking about symmetric keys. It's also that he's talking about brute-force attacks. "Brute force" means, basically, that you set your...
View ArticleBy: kengraham
You should clarify that Schneier only defends 256bit symmetric keys, ala AES keys. I believe Schneier has already advised going beyond 2048bits for public keys that must survive for a prolonged period,...
View ArticleBy: cotterpin
Again humans' inability to fully grasp exponential growth is demonstrated. An increase from 128 bits to 256 doesn't make your key twice as strong. It makes a key that is roughly...
View ArticleBy: jeffburdges
You should clarify that Schneier only defends 256bit symmetric keys, ala AES keys. I believe Schneier has already advised going beyond 2048bits for public keys that must survive for a prolonged period,...
View ArticleBy: eriko
Note: there is a difference between a properly implemented strong 256 bit crypto system and a poorly implemented one. If you screw up the implementation, 1024 bits won't help you. There's also the...
View ArticleBy: Blake
...."A favorite Blake quote".... I'll go ahead and assume I said that at some point.
View ArticleBy: JHarris
One thing is, for many purposes, it's actually not desirable to have perfect, forever-uncrackable security. Like if you encrypted your files, forgot your password, and need to recover the system, you...
View ArticleBy: indubitable
All I can find is someone posting an excerpt from Applied Cryptography, which is well known and has been around forever. Did Schneier write something new on stackexchange and you mis-linked, or was...
View ArticleBy: twoleftfeet
until computers are built from something other than matter and occupy something other than space. Just give away the plans for iPhone 7, why don't you.
View ArticleBy: eriko
idn't realize that they are commonly used in astrophysics (thanks dirigibleman!), which makes sense given we're talking about the output of stars and supernovas. I no longer think its silly. Well, he...
View Article
More Pages to Explore .....