[Full-disclosure] Comparing Algorithms On The List OfHard-to-brut-force?
Andrew Farmer
andfarm at gmail.com
Tue Nov 1 18:55:31 GMT 2005
On 01 Nov 05, at 10:11, Brandon Enright wrote:
> Brute forcing an algorithm suggests that you are not attacking a
> weakness or
> known flaw in the algorithm but rather just running through the
> keyspace
> trying to recover the plaintext. In that case, whichever allows
> you to use
> the most bits is what you want.
Note that the encryption speed of an algorithm is *not* a significant
factor
in the time taken to brute-force it, except for extremely small
keyspaces!
Remember that the time taken to brute-force an N-bit algorithm that
takes K
seconds per encryption is, on average
N
K * 2
which increases much more rapidly with N than it does with K. Adding
even one
more bit will double the average time taken to brute-force an
algorithm, while
using a slower algorithm will only increase the difficulty marginally.
Also note that anything beyond 256 bits is silly. Brute-forcing a 256-
bit
algorithm can be shown to be PHYSICALLY impossible, so there's no
reason to
go anywhere beyond that.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051101/d90d6a8d/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.