Using supercomputers to break interesting ciphers

Tim May tcmay at got.net
Sat Sep 1 14:47:16 PDT 2001


On Saturday, September 1, 2001, at 01:53 PM, Faustine wrote:

> Tim Wrote:
>>> On Friday, August 31, 2001, at 11:43 AM, Faustine wrote:
>>
>>> Consistent with your misconception about big computers being useful
>>> for brute-force cryptanalysis,
>>
>> I never said that and you know it. Nice troll, though.
>
>> You did indeed. Several times you alluded to what big and powerful
>> computers the NSA must have, the better to blow our house down. When it
>> was pointed out to you the nature of brute-forcing a big key, and how
>> useless computers are, you seemed not to get the point.
>
> Oh, well that might have a little something to do with the fact that I
> never made the point that brute-forcing keys was the way big and powerful
> NSA computers are going to blow our house down, mightn't it.  The fact
> that "brute-forcing keys" was the only thing you could think of when you
> saw my phrase "interesting possibilities for cryptographic applications"
> and then chose to fixate on proving what a damn poopy head whippersnapper I
> am instead of deigning to bother over what methods I meant to refer to is
> indicative of your own limitations, not mine.

You are now backpedaling furiously away from your "common to newbies" 
claim that fast computers might be used to break ciphers. Here's a chunk 
of dialog from an August 8 post of yours:


(comments after ">" are from Tim)
 >Except when was the last time you heard of a Cypherpunks-interesting
 >cipher being broken with _any_ amount of computer crunching?

"Since when did people stop trying? The last time I heard a researcher talk
about trying to break a Cypherpunks-interesting cipher was last Thursday."


This, and similar comments you made about the Sandia and IBM 
supercomputers, clearly imply you think one of the uses of these 
supercomputers is to "try" to break what I called 
Cypherpunks-interesting ciphers.

Many who are exposed to crypto for the first time, and who haven't 
thought about the issue of factoring large numbers, simply "assume" that 
a worthwhile goal is to "try" ("Since when did people stop trying?") to 
break such ciphers with faster computers.

(To be sure, there are interesting projects on faster factoring methods, 
better quadratic sieves, searches for Mersenne primes, all that good 
number theory stuff. Some of it is even being done at Sandia. But this 
is a far cry from the common belief that Cypherpunks-interesting ciphers 
may fall to attacks with mere supercomputers. Do the math on what a 
trillion such Sandia computers could do if they ran for a billion 
years...then realize there are keys already in use today which cannot be 
attacked by brute-force (or probably any other direct means) with all of 
the computer power that the universe could ever support. Mind-boggling, 
but I realized this via some calculations just after starting to look 
closely at RSA.)

You are now backpedalling, claiming you never meant this.

Similar to the way you claimed "if someone else is convinced it's 
interesting enough to be willing to foot the power bill (as I had 
anticipated would be the case)," well AFTER I posted an article pointing 
out that the power bill alone for running older Pentiums and G3s would 
pay for faster new CPUs to make the old DIY machines a waste of time. 
Fact is, you HADN'T "anticipated" this...you saw my calculations of 
watts and MIPS and only _then_ did you retroactively "anticipate" that 
power concerns make such arrays of old machines a lose. Check the 
archives. When someone adds a gratuitous "As I had anticipated would be the 
case" under these circumstances we know we are in the presence of a faker.

--Tim May




