Re: [IP] on crypto systems from CTO PGP
On Mon, Jul 10, 2006 at 06:04:17AM -0400, David Farber wrote:
> Modern cryptographic systems are essentially unbreakable, particularly if an adversary is restricted to intercepts. We have argued for, designed, and built systems with 128 bits of security .... If you want to brute-force a key, it literally takes a planet-ful of ...
>
> They could know something we don't. They could know some fundamental truth about mathematics (like how to factor really fast), some effective form of symmetric cryptanalysis, or something else. They could know about quantum computers, DNA computers, systems based upon
While it is also a non-scientific statement, the history of "unbreakable" cryptography is checkered. Significant numbers of systems judged unbreakable using the thinking of the day have ended up having flaws. Some claims of unbreakability also fell victim to the unexpected push of Moore's law (such as DES, whose crackability we at the EFF demonstrated many years ago).

One of my favourite charts at a crypto conference graphed the predicted lifetime of cryptosystems (often expressed in terms of tens of thousands of years, or now lifetimes of the universe) against their actual lifetime under unanticipated cryptanalysis techniques. It was meant to be an amusement, but it looked like a real trend.

2^128 will not be readily brute-forced with the technology we envision today. The point is that most of these systems were not broken with the technology (and other aspects of cryptanalysis) we know today. Each flaw found in a cryptosystem makes our next system stronger, of course, but it's very risky to say we've found the last flaw, or discovered the last breakthrough in cryptanalysis.

As for quantum computing, a classmate of mine has endowed a center for quantum computing at Waterloo, using his RIM money. I asked him recently how many qubits they could do; he told me they had classified the answer. That could mean they are being overly paranoid in their classifications (quite likely), or that they have classified it because they wonder if the future answer will be military level, or that they have classified it just to keep people wondering. But one can't help but wonder.

All this said, I feel pretty confident in our modern systems. But not enough to say essentially unbreakable.
Archives at: http://www.interesting-people.org/archives/interesting-people/
participants (1)
-
Brad Templeton