Talk:Key size
From Wikipedia, the free encyclopedia
[edit] Recent addition
- "...As of 2003, the U.S. National Institute for Standards and Technology, NIST, is proposing that 80-bit keys be phased out by 2015. The 2005 Shandong University attack on SHA1 suggests a faster phase out."
Hmm...I'm not so sure it does. The SHA-1 attack is claimed to take 269 operations, less than the expected 280 for brute force, which is why it's being replaced. The feasibility or otherwise of performing a computation on the order of 280 hasn't changed. — Matt Crypto 18:01, 23 Feb 2005 (UTC)
-
- Well, it's arguable. I think the broader point is that a cryptographic algorithm with a nominal key size of N may well have weaknesses that reduce that strength somewhat. On the other hand, I took out the recent addition: "or at least will be out of reach while technology continues along its current course. In respect of long term information security it is as well to hold that factor in mind because there are several potential leaps in computational methodology which, _when_ one of the is made, will render current key lengths laughably insecure. A currently evolving technique is that of distributed procssing, where a task is shared between a (potentially very large) network of machines. This technique already renders low to moderate keylengths brute-force breakable." Distributed processing is not, of itself a threat to 128-bit keys. There are 3.4 x 1038 possible keys. There are 3.2 x 1015 microseconds in a century. Testing all possible keys at one key per microsecond per processor requires 1023 processors working for 100 years. Even if you reduce the strength of the algorithm by 20 bits (a work factor of 106) there is a fair margin of safety. --agr 11:28, 26 May 2006 (UTC)