Brute Force and Smart Force

Adam Shostack adam at homeport.org
Mon Sep 18 21:04:57 PDT 1995



	I think it's worth pointing out that instead of taking (arguably) $10,000 
worth of computer time to brute force SSL, Goldberg-Wagner's attack exploits a 
weakness in the system to spend maybe a few dollars to crack it.

	Clever attacks on cryptosystems like this are the bread and butter of 
'practical' cryptanalysis.  It might take until slightly after the heat death 
of the universe to break IDEA or your 2048 bit RSA key, but there exist other 
attacks, and they are the ones which will be exploited.

	(Also, as Robert Morris pointed out, never underestimate the time, money or 
effort your opponent will put into cryptanalysis.  Cypherpunks, collectively, 
have put a great deal of time, effort, and CPU into proving SSL bogus, and I 
don't think anyone here made any money doing it.)

	Perhaps we should refocus our efforts on attacking PGP, to see if there are 
holes there?  (I'm not suggesting there are, but it would be nice to see some 
code written to extend Crack to phrases, do some more code review, etc.)

Adam

-- 

"It is seldom that liberty of any kind is lost all at once."
					               -Hume








