At 02:39 PM 8/2/04 -0400, John Kelsey wrote:
>This is silly. They have black budgets, but not infinite ones. Given
>their budget (whatever it is), they want to buy the most processing
>bang for their buck.

Yes. They can't break a 128 bit key. That's obvious. ("if all the atoms
in the universe were computers..." goes the argument). What they can do
is implement an advanced dictionary search that includes the kind of
mnemonic tricks and regexps that folks typically use when coming up with
"tough" passphrases. Cracking Italian anarchist PGP-equipped PDAs in
their possession, things like that. If your keys are random 128, no dice
(no pun intended). But if your keys are deterministically derived from
something in your head, they can blaze.

As well as the SIGINT stuff that takes a lot of DSP cycles. But agreed,
and worth repeating, long keys can't be exhaustively searched, if they
are truly random.

As for WEP, GSM, etc. cracking, voice recognition, etc., well, that is
suitcase sized / real time stuff for them, if they want it.

I imagine that the social network panopticon --eg who's ever called
whom-- might take some serious exabyte datacrunching too, something the
bioinformaticists would envy.

I don't think I overestimate the adversary when I suggest that he has
plenty of uses for fast hardware, and that his hardware can be more than
a decade faster thanks to cost being less of a concern, even if his
transistors are no smaller/faster than TSMC's or IBM's.

-----
I had never met a mathematician before. He had a good sense of humor,
but no matter what you said to him, he was unimpressed. -Knuth
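The point about passphrase-derived keys versus truly random ones can be put in numbers. The following is an added example, not code from the post or from any product it mentions: it builds the kind of rule-based dictionary search the reply describes (capitalisation, leet substitutions, appended digits and years) over a small constructed word list, derives a 128-bit key from each candidate, and compares the size of that search space with 2^128. The word list, the salt, the iteration count and the choice of PBKDF2-HMAC-SHA256 as the key derivation are all assumptions made for illustration; the post does not say how any real PDA derives its keys.

```python
import hashlib
import itertools
import math

# Constructed stand-in for a real dictionary (assumption: a real attack
# would use a far larger list, which only makes the point stronger).
WORDLIST = ["anarchy", "bakunin", "italia", "milano",
            "password", "liberty", "roma", "torino"]

# Mnemonic "toughening" rules of the sort people apply by hand.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
SUFFIXES = [""] + [str(d) for d in range(10)] + [str(y) for y in range(1990, 2005)]

# Hypothetical KDF parameters; chosen small so the example runs quickly.
SALT = b"constructed-salt"
ITERATIONS = 200


def candidates():
    """Yield every passphrase the rule set can generate from WORDLIST."""
    for word in WORDLIST:
        bases = (word, word.capitalize(),
                 word.translate(LEET), word.capitalize().translate(LEET))
        for base, suffix in itertools.product(bases, SUFFIXES):
            yield base + suffix


def candidate_count():
    """Size of the rule-generated space (an upper bound; rules may collide)."""
    return len(WORDLIST) * 4 * len(SUFFIXES)


def derive_key(passphrase, salt=SALT, iterations=ITERATIONS):
    """Deterministic 128-bit key from a passphrase (assumed PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=16)


def crack(target_key, salt=SALT, iterations=ITERATIONS):
    """Recover the passphrase behind target_key by walking the rule space."""
    for cand in candidates():
        if derive_key(cand, salt, iterations) == target_key:
            return cand
    return None


def search_bits(count):
    """Work factor of a search space expressed in bits."""
    return math.log2(count)


def random_key_bits():
    """A truly random 128-bit key has no structure to exploit."""
    return 128


if __name__ == "__main__":
    # A passphrase a user might consider "tough": capitalised, leet, with a year.
    victim = derive_key("B4kun1n1999")
    print("recovered:", crack(victim))
    print("rule space: %.1f bits vs %d bits for a random key"
          % (search_bits(candidate_count()), random_key_bits()))
```

The recovered passphrase looks strong to a human but lies in a space of under ten bits, against the 128 bits of a random key; enlarging the word list and rule set grows that number only logarithmically, which is why the deterministic case "blazes" while the random case does not.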
At 02:39 PM 8/2/04 -0400, John Kelsey wrote: their budget (whatever it is), they want to buy the most processing bang for their buck. Yes. They can't break a 128 bit key. That's obvious. ("if all the atoms in the universe were computers..." goes the argument). What they can do is implement an advanced dictionary search that includes the kind of mnemonic tricks and regexps that folks typically use when coming up with "tough" passphrases. Cracking Italian anarchist PGP-equipt PDAs in their possession, things like that. If your keys are random 128, no dice (no pun intended). But if your keys are deterministically derived from something in your head, they can blaze. As well as the SIGINT stuff that takes a lot of DSP cycles. But agreed, and worth repeating, long keys can't be exhaustively searched, if they are truly random. As for WEP, GSM, etc cracking, voice recognition, etc, well, that is suitcase sized / real time stuff for them, if they want it. I imagine that the social network panopticon --eg who'se ever called whom-- might take some serious exabyte datacrunching too, something the bioinformaticists would envy. I don't think I overestimate the adversary when I suggest that he has plenty of uses for fast hardware, and that his hardware can be more than a decade faster thanks to cost being less of a concern, even if his transistors are no smaller/faster than TMSC's or IBM's. ----- I had never met a mathematician before. He had a good sense of humor, but no matter what you said to him, he was unimpressed. -Knuth