-----Original Message-----
From: "Major Variola (ret)" <mv@cdc.gov>
Sent: Jul 30, 2004 10:25 PM
To: "cypherpunks@al-qaeda.net" <cypherpunks@al-qaeda.net>
Subject: Re: Email tapping by ISPs, forwarder addresses, and crypto proxies

> The "profitably" part is a non-issue when you have black budgets, i.e. $400
> toilet seats.

This is silly. They have black budgets, but not infinite ones. Given their
budget (whatever it is), they want to buy the most processing bang for their
buck. I doubt they can do that substantially better than anyone else. I'd
expect them to be really clever at finding tricks to optimize keysearch of
various kinds, but not to have better microprocessor technology than the rest
of the world.

> Bottom line: they're not ahead in tech, but they can make things that
> private-co engineers only dream of. DesCrack is a suitcase, get it?

So, then they can break 3-key 3DES with moderate numbers of texts as soon as
they can build 2^{56} such suitcases, right? And power them, and get rid of
their waste heat....

> I'll let you speculate on AESCrack :-)

Do the math, and you'll see how implausible 128-bit keysearch is. Maybe there
are better attacks on AES (the algebraic stuff doesn't seem to have gone
anywhere, but it still might), but if keysearch is all we have to worry about,
and nontrivial quantum computers remain impractical to build, then 128-bit keys
are as secure as we're ever likely to need, and 256-bit keys more or less
eliminate keysearch of any kind from the list of things we need ever worry
about again.

--John
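The "do the math" step above, carried out as an added example (not part of the original thread): it scales a DES brute-forcer up to 3-key 3DES, AES-128 and AES-256 and shows why 2^{56} suitcases is the 3DES figure. The only constructed assumption is that one "DesCrack suitcase" sweeps the 2^56 DES keyspace in a day; the 112-bit meet-in-the-middle cost for 3-key 3DES and Grover's square-root speedup are textbook results, not claims from the thread.

```python
import math
from fractions import Fraction

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = Fraction(36525, 100) * 24 * 3600   # Julian year, kept exact

# Constructed assumption (not from the thread): one "DesCrack suitcase" sweeps the
# full 2^56 DES keyspace in one day.  Only the ratio to larger key sizes matters.
SUITCASE_KEYS_PER_SECOND = Fraction(2 ** 56, SECONDS_PER_DAY)

# (name, nominal key bits, effective bits against the best generic classical attack)
# 3-key 3DES: 168-bit key, but ~2^112 work via meet-in-the-middle (textbook result).
CIPHERS = [
    ("DES", 56, 56),
    ("3-key 3DES (meet-in-the-middle)", 168, 112),
    ("AES-128", 128, 128),
    ("AES-256", 256, 256),
]


def effective_bits(bits: int, quantum: bool = False) -> int:
    """Grover's algorithm halves the exponent of an exhaustive search;
    a classical search leaves it unchanged."""
    return bits // 2 if quantum else bits


def expected_search_years(bits: int, quantum: bool = False,
                          keys_per_second: Fraction = SUITCASE_KEYS_PER_SECOND) -> Fraction:
    """Average time for ONE machine to hit the key: half the keyspace on average."""
    keyspace = 2 ** effective_bits(bits, quantum)
    return Fraction(keyspace, 2) / keys_per_second / SECONDS_PER_YEAR


def suitcases_for_deadline(bits: int, deadline_seconds: int = SECONDS_PER_DAY,
                           quantum: bool = False,
                           keys_per_second: Fraction = SUITCASE_KEYS_PER_SECOND) -> Fraction:
    """Parallel machines needed to cover the WHOLE keyspace by the deadline.
    Variola's '2^56 such suitcases' is this number for 112 effective bits."""
    keyspace = 2 ** effective_bits(bits, quantum)
    return Fraction(keyspace) / (keys_per_second * deadline_seconds)


if __name__ == "__main__":
    for name, _nominal, eff in CIPHERS:
        years = float(expected_search_years(eff))
        boxes = math.log2(float(suitcases_for_deadline(eff)))
        print(f"{name:<34} {eff:>3} eff. bits: one suitcase ~{years:.3g} yr, "
              f"or 2^{boxes:.0f} suitcases to finish in one day")
```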