flat assembler
Message board for the users of flat assembler.

Index > Heap > (Deep Crack)Brute Force Attack Machine

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
JoeCoder1



Joined: 13 Jun 2011
Posts: 62
JoeCoder1
Man you are out of touch with the crypto world. The whole world relies on RSA, every big business and every government of the world. Like I said that is as proven as it gets.

There are no proofs of unbreakability of any cipher algorithm. If that was true everybody would use only that algorithm.

3DES being slow *is* an advantage *when* the only attack is brute force. You said you can't understand why anybody uses it,I gave you a good reason. It's secure and it's slow. It has problems like a small blocksize and a key length that is not adequate (112 bits) against motivated attackers who have your money to spend, but it is simple to implement (another advantage) proveably strong (nothing is proveably unbreakable) and been around for a long time.
Post 15 Jun 2011, 13:04
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17279
Location: In your JS exploiting you and your system
revolution
JoeCoder1 wrote:
Man you are out of touch with the crypto world. The whole world relies on RSA, every big business and every government of the world. Like I said that is as proven as it gets.
I never said it isn't used, I said it is unproven.
JoeCoder1 wrote:
There are no proofs of unbreakability of any cipher algorithm. If that was true everybody would use only that algorithm.
Not true actually. OTP is the most famous of the set of provably secure algorithms. There are many others. Unfortunately all are currently impractical for real world applications. In fact it has been shown that a suitably sized quantum computer will be able to trivially factor RSA sized numbers. RSA is not a secure as some people might like to make out. RSA is only currently very hard because there are not yet any available QCs large enough.
JoeCoder1 wrote:
3DES being slow *is* an advantage *when* the only attack is brute force. You said you can't understand why anybody uses it,I gave you a good reason. It's secure and it's slow. It has problems like a small blocksize and a key length that is not adequate (112 bits) against motivated attackers who have your money to spend, but it is simple to implement (another advantage) proveably strong (nothing is proveably unbreakable) and been around for a long time.
Being slow is never an advantage for symmetric algorithms. If what you say was true then it would be trivial to increase the number of rounds computed in all the round based cyphers to any value you desire to slow down the encryption. No useful algorithm does this though because they need to keep the cypher fast to reduce computational effort. Instead it is the key length that is the real determining factor for brute force cracking difficulty.
Post 15 Jun 2011, 13:20
View user's profile Send private message Visit poster's website Reply with quote
JoeCoder1



Joined: 13 Jun 2011
Posts: 62
JoeCoder1
I guess on the RSA issue we are not communicating. No offense.

As far as 3DES goes I am not suggesting being slow is an advantage in the abstract. In this case it did turn out to be a practical advantage, given that 3DES is instrinsically slow, it does help protect against attacks by increasing the cost over an equivalent brute force attack for a more efficient cipher. I don't know that it was a design feature but there are always engineering compromises between speed and security. In this case they seem to have found a good balance.

I agree with what you said about the trivial examples like OTP being impractical so I didn't even consider them. I don't buy the arguments about QC until it becomes a reality. They have been talking about this for awihle and so far it's all a dream and nothing where the rubber meets the road.
Post 15 Jun 2011, 13:44
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17279
Location: In your JS exploiting you and your system
revolution
AFIAK the current record for QC factoring is the number 15 (5*3). Doesn't sound very impressive but these types of things only ever get better as time progresses.

In a practical situation I have no qualms about using RSA. Indeed my job for the last seven years has been designing and programming systems using RSA and ECC (not RAM ECC, but crypto ECC), and I have never considered them to be practically breakable at the algorithmic level. But it would be nice one day in the future to use a proper proven method, just for peace-of-mind.
Post 15 Jun 2011, 14:01
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.