[cryptography] philosophical question about strengths and attacks at impossible levels
iang at iang.org
Thu Oct 14 03:35:17 EDT 2010
On 14/10/10 3:56 PM, Zooko O'Whielacronx wrote:
> In any case, I'm pretty sure that as a *user* of hash functions what I
> care about is "more likely to fail" (and efficiency), not about "bits
> of security" for any bit-level greater than about 128 (including
> consideration of quantum attacks, multi-target attacks, etc.)
Yes. This was something I was trying to get at with Pareto-secure:
There is a point beyond which all efforts are theoretical, and deliver
zero practical benefit. We could probably argue this is at 128 bits.
Beyond that, we're likely doing ourselves damage, because we're
distracting from the true issues. By far the majority (99.99%) of
problems lie outside the issues of strong cryptographic algorithms. If
we spend time on them, to the distraction of our clear and present
dangers, we're now practicing cryptographic numerology.
It's fun, it looks great to the media, it impresses the masses. As
Peter says, it's a fashion statement.
But security, it ain't.
More information about the cryptography