[cryptography] Current state of brute-forcing random keys?
smb at cs.columbia.edu
Sat Jun 11 18:42:57 EDT 2011
On Jun 10, 2011, at 1:53 26AM, Marsh Ray wrote:
> Who except codebreakers are going to benchmark and heavily optimize the key expansion part of the algorithm?
Someone who is building a large-scale IPsec gateway, where you're switching key schedules for more or less every packet. You can't store the expanded key schedule, or the memory bandwidth to fetch it will kill you.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
More information about the cryptography