-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Being paid to be paranoid, I prefer to use averages instead of absolutes. So your numbers would then be: 56 bits -- ( 2^56 / 3.88E12 )*0.5 = 2.6 hours 64 bits -- ( 2^64 / 3.88E12)*0.5 = 27.5 days 80 bits -- ( 2^80 / 3.88E12)*0.5 = 36.5 years 128 bits -- ( 2^128 / 3.88E12)*0.5 = 1.4E18 years. So a brute force on a 56 bit key would take, on average, 2.6 hours-- using your computational power assumption below-- with half of all keys brute forced being found before that time and half being found after that time and most being found around 2.6 hours. This is assuming a fairly random distribution of keys within a large set of keys to be attacked. You can meter your level of safety by changing the minimum average percentage of keys found (50%, 25%, 75%) to your taste (or management's taste) or by increasing the key size. me. - -----Original Message----- From: Harvey Rook (Exchange) [SMTP:hrook@exchange.microsoft.com] Sent: Wednesday, October 28, 1998 11:01 AM To: cypherpunks@cyberpass.net Subject: Speed records, and brute force state of the art. - From the New York Times... WASHINGTON-The Energy Department will take delivery on Wednesday of what the Government says is the world's fastest computer, capable of a peak performance of 3.88 trillion calculations, or teraflops, a second. Just to simplify things, let's assume that 1 flop == 1 decryption. I know that's not true, but it's very close, and it's certainly less than one order of magnitude off. So, with this assumption how long does it take to break various key sizes? 56 bits -- 2^56 / 3.88E12 = 5.2 hours 64 bits -- 2^64 / 3.88E12 = 55 days 80 bits -- 2^80 / 3.88E12 = 9873 years 128 bits -- 2^128 / 3.88E12 = 2.8E18 years. And now you know. Harv. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com> iQA/AwUBNjcVv3UkEFXvH2ZAEQJRJQCeOPXRZpMwlFKHjUWktgBMRSL626sAnR/m TJAfMTXEdf5pYW+rLiACRlWD =WYHJ -----END PGP SIGNATURE-----