On Wed, 15 Mar 1995, Jonathan Cooper wrote: > Date: Wed, 15 Mar 1995 20:35:44 -0500 (EST) > From: Jonathan Cooper <entropy@IntNet.net> > To: Vishy Gopalakrishnan <vishy@sph.umich.edu> > Cc: bugtraq@fc.net > Subject: Non-PK encryption not vulnerable via low key length?! > You are wrong. > > If the key is only 128-bit, that's a much smaller keyspace to > brute-force attack than a 1024-bit key. > > (do the math) > > -jon Okay, let's see. 2^128 = 3.4e38. Suppose you can somehow try one billion keys per second. Then it will take you 3.4e29 seconds or about 1e22 years to try every possible key. A shorter length of time than it would take with a 1024 bit key, but I don't think I'd lose much sleep over it. Mark | Mark G. Scheuern | http://www.acs.oakland.edu/~mgscheue/ | | mgscheue@oakland.edu | finger mgscheue@vela.acs.oakland.edu | | MGScheuern@eWorld.COM | 20 67 4B E0 15 5C 7C 87 | | 73150.1770@compuserve.com | 28 B3 DB BA 63 B1 5F A1 |