[cryptography] Current state of brute-forcing random keys?
James A. Donald
jamesd at echeque.com
Thu Jun 9 18:08:36 EDT 2011
On 2011-06-10 7:22 AM, Marsh Ray wrote:
> Last I checked, in the US electric power is around $0.07 per kWh in
> areas considered "cheap". So each trial costs $4.53e−18 in electric power.
> For an 64-bit key, you expect the adversary to need 2^63 trials for
> which he might pay a power bill of $597.
> For an 80-bit key, you expect the adversary to need 2^79 trials for
> which he might pay a power bill of $2.7M.
Of course the administrative and organizational costs of building this
specialized data center with specialized chips are likely to be much
greater than the power costs, but you are only trying to assess order of
magnitude. Just recall that this is a conservative order of magnitude.
So 80 bits is sufficient to cause the police to lose interest, and pose
obstacle even to national governments on matters vital to national
security. If Al Quaeda was using 80 bit security, governments would not
be cracking all their mail, only very specially selected mail.
More information about the cryptography