[cryptography] Current state of brute-forcing random keys?

Sandy Harris sandyinchina at gmail.com
Thu Jun 9 22:34:54 EDT 2011

On Fri, Jun 10, 2011 at 1:14 AM, Paul Hoffman <paul.hoffman at vpnc.org> wrote:

> Greetings again. I am helping someone design a system that will involve giving someone
> a randomly-generated key that they have to type in order to unlock data that is private
> but not terribly valuable. Thus, we want to keep the key as short as practical to reduce
> typing and mis-typing, but long enough to prevent trivial brute-force attacks. The
> encryption will be AES-128 in CBC mode.
> What is the current state of brute-force attacks on AES-128 blobs? Are there recent
> results where we can estimate the cost of brute-forcing 64-bit and 80-bit keys?

One indicator is the Copacobana machine, built from FPGAs, The first
version a few
years back cost 9,000 euro and broke DES in a week. There's a later version.

Of course a bunch of those in parallel could break it faster. That's a
56-bit key. 64-bit
is 256 times harder, but certainly within reach of an attacker with
large resources.

Judging solely by this, only someone with a huge budget, such as a major
nation's intelligence agency, could afford to attack 80-bit keys.

More information about the cryptography mailing list