- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Wed, 20 Aug 2014 20:29:39 +0000
- To: Martin Thomson <martin.thomson@gmail.com>
- cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
--------
In message <CABkgnnUVHgkRdUKBYKoKec1UO_fF+GZEiqMXmirwd4XKjtYf2Q@mail.gmail.com>, Martin Thomson writes:
>On 20 August 2014 11:36, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>> Last I looked AES had 128 bit and larger keys, so that would be 2^127 ?
>
>No, 2^64.
>
>https://en.wikipedia.org/wiki/Birthday_attack

You are not looking for a birthday attack. You are looking at a pile of billions of HTTP connections and you have to decrypt *all* of them.

>> To stop PM, we don't need unbreakable crypto, we just need crypto
>> which is sufficiently expensive to break.
>
>That's all we ever have. We just draw the line in different places.
>My point is that the line is close enough to what is state of the art
>to not bother with anything less.

And my point is that plenty of people have told us that state of the art is uneconomical to them, so you'll never get emergency services, news and porn on that bandwagon.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 20 August 2014 20:30:06 UTC