[OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

Robert J. Hansen rjh at sixdemonbag.org
Tue Apr 19 05:15:26 CEST 2011

> Are you asserting that there exists a group that can brute-force a 64-bit key in a few seconds?

First, thanks for the correction on the RC5-64 project.

Short answer: no, I am not asserting a group exists that can brute-force a 64-bit key in a few seconds.  I am asserting that it's plausible such a group might exist, and if so it is probably a First World intelligence agency.

The EFF's DES cracker ("Deep Crack"), built in 1998 using now 13-year-old technology, exhausts a 56-bit keyspace in nine days at a cost of $250,000.  A 64-bit keyspace is only a factor of 250 harder, and brute-forcing is parallelizable.  Set up 250 Deep Crack-style machines in parallel and you're out $60 million, plus building space and personnel... call it $100 million total.  Scale this machine up to $1 billion and you're looking at some pretty quick keyspace exhaustion.  

Megacorporations will probably not be willing to drop that kind of coin on dedicated key crackers, but if bin Laden's current GPS coordinates were protected by RC5/64 you'd see Fort Meade's chip fab line working round-the-clock shifts.

More information about the Gnupg-users mailing list