Re: HTTP/2 and Pervasive Monitoring

On 20 August 2014 11:36, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> Last I looked AES had 128 bit and larger keys, so that would be 2^127 ?

No, 2^64.

https://en.wikipedia.org/wiki/Birthday_attack

And to be fair, I did some more scratching and came up with USD 2.8M,
and I'll probably get a different number next time as well.

> Your 1e-10 number I cannot find any basis for.

Take the 170K number and reduce the search space by 2^48; then reduce
again by the performance gain (4).  It gets small fast.

> To stop PM, we don't need unbreakable crypto, we just need crypto
> which is sufficiently expensive to break.

That's all we ever have.  We just draw the line in different places.
My point is that the line is close enough to what is state of the art
to not bother with anything less.  There are other factors at play
other than simply the cost of a brute-force attack.

Received on Wednesday, 20 August 2014 19:11:03 UTC