[cryptography] Current state of brute-forcing random keys?

Jeffrey Walton noloader at gmail.com
Thu Jun 9 15:01:04 EDT 2011

On Thu, Jun 9, 2011 at 1:14 PM, Paul Hoffman <paul.hoffman at vpnc.org> wrote:
> Greetings again. I am helping someone design a system that will involve giving someone a randomly-generated key that they have to type in order to unlock data that is private but not terribly valuable. Thus, we want to keep the key as short as practical to reduce typing and mis-typing, but long enough to prevent trivial brute-force attacks. The encryption will be AES-128 in CBC mode.
> What is the current state of brute-force attacks on AES-128 blobs?
If the key is generated using a secure generator, brute force
(exhaustive search) of AES is (2^128)/2 - you expect to find it, on
average, in about half the time.

> Are there recent results where we can estimate the cost of brute-forcing 64-bit and 80-bit keys?
64 bits and 80 bits are no longer recommended for new systems. Perhaps
112 bits (3-key TDEA) and 128 bit (AES) security levels would be a
better choice.


More information about the cryptography mailing list