From: “Peter Trei” <trei@process.com>
To: Adam Back <aba@dcs.ex.ac.uk>
Message Hash: 5c4c9d2f8864dbb3e0172e403bb0fe52290d730446210804c1dd1e8ce84dc420
Message ID: <199706241351.GAA20823@toad.com>
Reply To: N/A
UTC Datetime: 1997-06-24 14:23:34 UTC
Raw Date: Tue, 24 Jun 1997 22:23:34 +0800
From: "Peter Trei" <trei@process.com>
Date: Tue, 24 Jun 1997 22:23:34 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Comparing Cryptographic Key Sizes
Message-ID: <199706241351.GAA20823@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
Adam Back <aba@dcs.ex.ac.uk> writes.
> Below is a explanation of the meaning of cryptographic key sizes which
> started as an explanation I wrote for a journalist friend of mine, on
> being asked about how relatively secure a system using DES and RSA
> (SET) was as compared to netscapes export version of SSL.
> It could use some criticism. If you are not that crypto aware, does
> it make sense to you? If you are crypto aware, what do you think of
> my off the cuff estimates of hardness?
>
>
> 56 bit DES is probably roughly similar to 512 bit RSA in hardness to
> break.
This is way off. We used ~457,000 MIPS years to search half of the
DES keyspace. Factoring a 512 bit modulus using the General Number
Field Sieve (GNFS) would take about 28,000 MIPS years (see Schneier
for the exact number - I don't have AC2 at hand)
Lenstra has estimated that with 500,000 MIPS years, you should be
able to factor a 600 bit modulus using GNFS, if your workstations
had enough memory.
[...]
> About 10 years ago now Michael Wiener made a design for such a DES
> breaking machine. He estimated it would cost $10,000,000 to build a
> machine which would break a 56 bit DES encrypted message a few hours.
> His machine was scalable, pay more money, break the key faster, pay
> less take longer. The estimate was that could build one with enough
> DES key searching units to break it in a day for $1,000,000. That was
> 10 years ago. 10 years is a long time in the computer industry.
> Nowadays you build the machine more cheaply as chip technology has
> progressed, and computers are much faster per $. Estimates are around
> $100,000 to build the machine (neglecting hardware engineers
> consultancy fees).
Go back and check the numbers - if you don't the journalists will.
(I don't have this paper to hand either :-( ) The Wiener paper is
much more recent (93?) , and the cost much lower (I think it was
about $1M for HW and $500K for development costs, for a 3.5 hour
machine).
Peter Trei
trei@process.com
Return to June 1997
Return to “Tom Weinstein <tomw@netscape.com>”