# [Q] 128-bit symmetric encryption.

Denis McCauley DenisMcCauley@ifrance.com
Sat May 31 09:34:03 2003

```-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 31 May 2003 00:48:12 -0400
Daniel Carrera <dcarrera@math.umd.edu> wrote:

> Hello,
>
> I'm trying to figure out "how strong" 128-bit symmetric encryption is.
Tell me
> if I got it right:
>
> For a good algorithm, the only possible attack is brute force.  From
an earlier
> discussion, we can (roughly) estimate that it might take 50,000
computers at
> 2GHz one year to break 64-bit encryption.  Now, 128-bit encryption
should take
> 2^64 times more computing power to break.
>
> In other words, if I had a trillion computers each going a 1
TeraHertz, it
> would take them mover 1.8 billion years to break it.
>
> In conclusion, breaking 128-bit encryption by brute force is
impossible.
>
> Is this correct?

Strictly speaking, no. In reality a brute force attack would rarely, if
ever, have to try 2^128 combinations to break the encryption because
it's a question of probability. An attacker has a 50-50 chance of
breaking it in half that number. But the probability of breaking the
encryption in a lifetime is so remote that it's unlikely a pure brute
force attack like that would be tried.
>
> Note:  I am not saying anything about security.  I know that there are
many
> other possible attacks.  I know that the algorithm itself might be
broken so
> that brute force is not necessary.  That's not what I'm asking about.

> Ultimately, I want to conclude that there is no point in using more
than
> 128-bits in symmetric algorithmw.
>
> Is this correct?

Assuming that the algorithm has no fault, there could be weaknesses to
be exploited at the level of implementation of the algorith by a given
application and in key generation. You can find some comments by Bruce
Schneier on this at http://www.counterpane.com/crypto-gram-9910.html
>

- --
=====================================
Denis McCauley
GPG/PGP keys at http://www.djmccauley.tk
=====================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr1 (Windows 2000) - GPGshell v2.70
Comment: Key ID: 0x578247B4 (using signature subkey 0x4980C4F7)
Comment: 3C0A D97D 5FC5 A250 20BC EBC6 EB0E 9716 5782 47B4

iD8DBQE+2FonJpZGKkmAxPcRAvYUAJwOK0UWKpeeoTTSxn+GrfgQ6P6J4QCfXg2l
JYqPQTTHL8aU1yG10PP5/nk=
=YasG
-----END PGP SIGNATURE-----

_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France

```