undefined | Better HN

0 pointsrakoo6y ago0 comments

"Public/symmetric key cryptography" is just the name of the practice, of course it's doing fine. What's not doing fine is picking a particular set of ciphers/hash functions/signature scheme and expecting to not fail in 40 years.

0 comments

8 comments · 3 top-level

xoa6y ago· 3 in thread

Incorrect, particular sets of ciphers are themselves doing just fine. There is no hint of well studied symmetric-key algorithms (like AES, which is in fact now over 20 years old) with long known sufficient key lengths "failing" (in terms of cold ciphertext being cracked) in 40 years, or 400 years for that matter. Even with a fully scalable general quantum computer, the best known improvement is Grover's Algorithm, which results in roughly a quadratic improvement (so a 128-bit key cracked in 2^64 iterations, 256-bit in 2^128, etc). This obviously is trivially defeated by doubling the key length, and AES-256 has been available from the beginning and has been becoming more standard for a while as well.

Now, there are various kinds of hot attacks, such as side channel leaks, that always present a serious challenge in many threat scenarios. And it's certainly possible to have bad implementations of a solid algorithm. But for AES implementations are very mature, and side channel attacks do not apply to data at rest. So in the context of "will my encrypted ciphertext with all my deepest secrets [sitting on a drive/in the cloud/wherever] be crackable in 40 years" no, symmetric-key crypto with 256-bit keys is dependable at this point.

A false sense of defeatism is itself plenty dangerous to security.

ReidZB6y ago

DES is a good example here: it was designed ~45 years ago and it's still theoretically surprisingly strong when you compare it with other areas of cryptography. By that, I mean it's held up very well to cryptanalysis that attempts to find faster-than-brute-force techniques, with the best attack taking 2^43 time (vs. the 2^56 brute-force time).

To be clear, 2^56 is trivially brute-force-able today, but that can be mitigated with constructs like 3DES, which are still (barely) secure despite being based on a 45-year-old cipher.

(So no one mistakes my intent, there are many reasons to prefer AES over DES. I just wanted to provide it as an example, especially since it happened to line up with the 40-year timeframe.)

zwp6y ago

> 2^56 is trivially brute-force-able today

Youch, this broke my intuition.

https://crack.sh/

"we’ve built a system with 48 Virtex-6 LX240Ts which can exhaust the keyspace in around 26 hours"

tgsovlerkhgsel6y ago

> trivially

Having to rent thousands of dollars in GPU-hours or using specialized hardware doesn't sound "trivial" to me. Practical, yes. Accessible even to a layman with money to spare, yes. Trivial? Hell no.

1 more reply

xmprt6y ago· 2 in thread

Encrypting is still better than not encrypting and if you care about keeping your data private then you can take additional measures to ensure that. Nothing will last forever but that's not a good reason to be nihilistic.

mattr476y ago

It's like locking my front door. I chose to lock the door to prevent random acts of burglary. But that lock will not stop someone determined from BnE my house.

gowld6y ago

DES Encryption will stop someone from BnE your data.

They might BnE your key though, if you aren't careful enough.

wbl6y ago

Triple DES remains as secure today as in 1975.

j / k navigate · click thread line to collapse