W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: HTTP/2 and Pervasive Monitoring

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 20 Aug 2014 12:10:36 -0700
Message-ID: <CABkgnnUVHgkRdUKBYKoKec1UO_fF+GZEiqMXmirwd4XKjtYf2Q@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 20 August 2014 11:36, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> Last I looked AES had 128 bit and larger keys, so that would be 2^127 ?

No, 2^64.

https://en.wikipedia.org/wiki/Birthday_attack

And to be fair, I did some more scratching and came up with USD 2.8M,
and I'll probably get a different number next time as well.

> Your 1e-10 number I cannot find any basis for.

Take the 170K number and reduce the search space by 2^48; then reduce
again by the performance gain (4).  It gets small fast.

> To stop PM, we don't need unbreakable crypto, we just need crypto
> which is sufficiently expensive to break.

That's all we ever have.  We just draw the line in different places.
My point is that the line is close enough to what is state of the art
to not bother with anything less.  There are other factors at play
other than simply the cost of a brute-force attack.
Received on Wednesday, 20 August 2014 19:11:03 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC