Why revoke a key?
Robert J. Hansen
rjh at sixdemonbag.org
Tue Oct 11 14:27:47 CEST 2011
On 10/10/2011 5:44 PM, Jerome Baum wrote:
> But remember Murphy's(?) law! -- (I mean the one about doubling computer
> power every 18 months -- are there two Murphy's laws? Confused now...)
Moore's Law.
For reference, a 40-bit key is breakable today by just about anyone, a
64-bit key is breakable today by people with access to significant
computational resources (hundreds of machines), and it's plausible to
believe fantastically wealthy adversaries can break 80-bit keys.
In 1998, EFF's DEEP CRACK exhausted a 56-bit keyspace in roughly 24
hours at a cost of $250,000. Assuming Moore's Law holds true, that
means it could be built today with equivalent performance for about $1,000.
A 64-bit keyspace is only a factor of 250 harder: a DEEP CRACK/64 could
theoretically be made at a cost of $250,000. An 80-bit keyspace is a
factor of 50,000 harder, more or less, putting the price of that at $12
billion, somewhere in there.
This is really rough back-of-the-envelope calculation, but it passes my
sniff test.
More information about the Gnupg-users
mailing list