# [Q] 128-bit symmetric encryption.

**Daniel Carrera
**
dcarrera@math.umd.edu

*Sat May 31 21:23:02 2003*

--d6Gm4EdcadzBjdND
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, May 30, 2003 at 09:33:25PM -1000, Denis McCauley wrote:
>* Strictly speaking, no. In reality a brute force attack would rarely, if
*>* ever, have to try 2^128 combinations to break the encryption because
*>* it's a question of probability. An attacker has a 50-50 chance of
*>* breaking it in half that number. But the probability of breaking the
*>* encryption in a lifetime is so remote that it's unlikely a pure brute
*>* force attack like that would be tried.
*
Yes, I'm aware of that. But what I said is that a 128-bit key takes 2**64=
=20
times longer to crack by brute force than a a 64-bit key. The 50% factor=
=20
gets accounted for in the time that it takes to brute force a 64-bit key.
But that's getting a little off toppic. What I'm trying to find out is if=
=20
there is any point at all in having a key length longer than 128 bits.
In other words, the key length is not an issue. Any fault in the=20
encryption will be elsewhere (e.g. algorithm choice, implementation,=20
physical security, etc).
Thanks.
--=20
Daniel Carrera | OpenPGP fingerprint:
Graduate TA, Math Dept | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88
UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp.html
--d6Gm4EdcadzBjdND
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)
iD8DBQE+2QFlnxE8DWHf+OcRArbqAKCjlC2mZhP3oVPUu2yVZKydb8SCtgCfZmst
meCMl3FnVCOLD20Gyi7Zdrw=
=cZDY
-----END PGP SIGNATURE-----
--d6Gm4EdcadzBjdND--