encryption algorithm

Robert J. Hansen rjh at sixdemonbag.org
Tue Dec 17 22:54:00 CET 2013


> Lets assume the people I email have the same preferences.  So how
> long, and at what cost would it take to brute force crack a captured
> message?

[sigh]

Not this again.  I get very tired of answering this question.

The Second Law of Thermodynamics puts a minimum energy requirement on  
how much energy it takes to change the state of a bit.  That's given  
by kT ln 2, or on the order of 10**-23 joules.

You want to exhaust keys in random order, because otherwise it would  
give the defender an easy way to make things hard for you: just use a  
key that's close to the end of your search order.  By exhausting  
random keys you foil that defense.  Between setting and clearing  
registers on the CPU, loading instructions into memory and so on,  
let's say that each rekeying operation takes 10,000,000 bits (10**7)  
being changed.  (That's a wildly optimistic number, incidentally.)

Finally, 2**255 (the average number of keys you'll have to exhaust) is  
about 10**77.

10**77 keys * 10**7 bitflips per rekeying * 10**-23 joules per bitflip  
equals... 10**61 joules of energy.

A supernova releases 10**44 joules of energy.  You'll need 10**17 of  
them just to power the computer to brute-force a 256-bit cipher.  The  
Milky Way has about 10**11 stars; you'll need about 60 galaxies to go  
supernova all at once.  This turns out to be about the same size as  
the Virgo Supercluster, which is the region of the universe the Milky  
Way is in.

The amount of energy we're talking about here is so large there is a  
non-zero chance it would disturb the false vacuum of spacetime and  
annihilate the cosmos.

People always seem to ask me if I'm making these numbers up.  No, I am  
not, nor am I joking.

No one will ever.  Ever.  Brute-force a 256-bit cipher.



More information about the Gnupg-users mailing list