[cryptography] Current state of brute-forcing random keys?

James A. Donald jamesd at echeque.com
Thu Jun 9 18:08:36 EDT 2011


On 2011-06-10 7:22 AM, Marsh Ray wrote:
> Last I checked, in the US electric power is around $0.07 per kWh in
> areas considered "cheap". So each trial costs $4.53e−18 in electric power.
>
> For an 64-bit key, you expect the adversary to need 2^63 trials for
> which he might pay a power bill of $597.
>
> For an 80-bit key, you expect the adversary to need 2^79 trials for
> which he might pay a power bill of $2.7M.

Of course the administrative and organizational costs of building this 
specialized data center with specialized chips are likely to be much 
greater than the power costs, but you are only trying to assess order of 
magnitude.  Just recall that this is a conservative order of magnitude.

So 80 bits is sufficient to cause the police to lose interest, and pose 
obstacle even to national governments on matters vital to national 
security.  If Al Quaeda was using 80 bit security, governments would not 
be cracking all their mail, only very specially selected mail.



More information about the cryptography mailing list