Subject: Re: 1024 bit key considered insecure (sshd)
To: Karsten W. Rohrbach <karsten@rohrbach.de>
From: Peter C. Lai <sirmoo@cowbert.2y.net>
List: tech-security
Date: 08/29/2002 15:40:30

On Thu, Aug 29, 2002 at 06:38:58PM +0200, Karsten W. Rohrbach wrote:
> Perry E. Metzger(perry@piermont.com)@2002.08.29 10:15:34 +0000:
> > 
> > "Karsten W. Rohrbach" <karsten@rohrbach.de> writes:
> > > tracking the evolution of computing machinery nowadays, implementing
> > > cryptanalysis in hardware becomes cheaper and faster at an amazing
> > > speed. my wild guess is that through the upcoming broad availability of
> > > software programmable hardware that is available today, attacks to
> > > crypto in general will become very cheap in a timeframe of months.
> > 
> > If you can attack 1024 bit keys cheaply a few months from now, please
> > let us know. Where I live, Moore's law still observes things double
> > every 18 months, not every 18 hours.
> 
> http://rcc.lanl.gov/index.php as a starting point. screw moore's law, if
> the problem can be parallelized. ;-)

The problem can already be parallelized. These are all searching algorithms
(either pure brute force or using a sieve to shrink the keyspace that needs
to be tested), and are not 'cryptanalyst' attacks per se. The sieve may
reduce the keyspace that needs to be checked by a linear factor, but
as someone pointed out, the number of keys to be tested grows exponentially
with each bit added to the key.

Furthermore, why worry about 1024-bit keys now? In 10 years when
people *can* crack 1024 keys like peanuts, we will all have switched
to OTPs or use some absurd key length. I'd rather worry about the 2038
deadline imho.

-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
Yale University School of Medicine
Center for Medical Informatics | Research Assistant
http://cowbert.2y.net/