[cryptography] Current state of brute-forcing random keys?

Steven Bellovin smb at cs.columbia.edu
Sat Jun 11 18:42:57 EDT 2011

On Jun 10, 2011, at 1:53 26AM, Marsh Ray wrote:

> Who except codebreakers are going to benchmark and heavily optimize the key expansion part of the algorithm?

Someone who is building a large-scale IPsec gateway, where you're switching key schedules for more or less every packet.  You can't store the expanded key schedule, or the memory bandwidth to fetch it will kill you.

		--Steve Bellovin, https://www.cs.columbia.edu/~smb

More information about the cryptography mailing list