## Security Now #340 Encryption problem

On February 15th, Steve Gibson’s 340th Security Now Podcast had an interesting math problem which, to my knowledge hadn’t been checked out.  Here’s the quote from Steve’s transcript:

Leo: We’ve learned that with HushMail, for instance, which is an email encryption service that just handed over keys when asked. And that’s, in most cases, what any of these services are going to do unless they want to be outside the law.

Keenin, Moses Lake, wherever that is [Washington], offers some fun math: I had a discussion with a classmate about encryption and how he thought the government could break anything. I knew better than to argue with him, so instead I did some math for the fun of it. I know you already know this, but I had to vent. I took 256-bit encryption and assumed that the only way to crack it was, as we currently believe, a brute-force attack against the 256-bit key. After all, we’re talking 128-bit this and 256-bit that. It’s the bit length we’re focusing on.

So let’s say the tricksy government has a secret algorithm that somehow allows them to weaken the strength to one trillionth of the original. That’s a good number, one trillionth. And let’s say they had a computer that can try 100 trillion guesses per second. And let’s say this computer was one cubic millimeter in size, and let’s say they build a cracking complex the size of the entire Earth made out of these one cubic millimeter crypto cracking computers. If I did my math right, it would still take 34 trillion years to crack. I like that.
Steve: I like that, too.
Leo: Did you check his math?

Making use of MatLab, and a little code thanks to a little help from my brother.

The answer, as far as I can figure, is 33.8802 Trillion years: well within the significant figures given the size of the numbers.

The matlab code is:

#### trillionYearsPerKey = yearsPerKey / 10^12; disp([num2str(trillionYearsPerKey) ' trillion years per key']);

I’m sure Steve Gibson‘s email box is flooded every minute with stuff more important than this response, but hopefully it will find its way back to him.  If you’re reading this Steve, I love the specificity with which you attack even the most complex of security concepts.  It makes my job at Nerds Limited as a tech consultant all the more fun!

Update:  Below is a clip from Security Now episode 343 where Steve mentions this post.  Thanks again!

343 Security Now 343_ HTTP & SPDY

## A living résumé.

Upon completion of my bachelor’s degree in the midst of a severe economic depression, it became increasingly clear that our generation would not adhere to the singular, linear career paths enjoyed by our grandparents, or (to a lesser degree) by their posterity.

Ours will be a series of economic interminglings; a thread of “gigs” in which a lifelong mix of interests lend themselves to both personal and professional contributions.  Gone are the days of foreseeable long-term employment for many of us.   This isn’t an opportunity to worry, rather an invitation to live the professional equivalent of many lives in a single sitting!

Before I’m accused of working myself into a lather over sensationalist philosophical reflections on pop-culture’s trends, I must amend my previous statement.  I don’t intend to paint a grim and unsettling picture wherein one wallows aimlessly in search of a simpler predicament.  For some of those in my generation, no such uncertainty exists currently or ever will come to pass.  Those who seek a more traditional career will undoubtedly find it in the steadfast institutions of academics, government, military, or the like.

The rest of us have a uniquely multi-faceted professional endeavor ahead of us!  One in which our personal passions are just as pertinent as our current résumé with respect to our next professional endeavor.   With the increasing ease by which information flows between individuals, one can easily google themselves and discover many clippings from their lives.  Such digital cutlets, detached from their subject, paint a highly incomplete picture.

For example, what would your life story be if you couldn’t write it?  What if you had to depend solely upon what others wrote about you?  Would you consider such a picture to be the basis for your future employment or, one’s first impression of your ‘digital footprint’?  Certainly not!  If for no other reason than it would be a rather incomplete and detached story forged from many different perspectives and detached from any meaningful timeline.

To paint a meaningful picture of a person is no easy feat.  It requires patience and above all, a detached expository perspective which is (at best) difficult to congeal neatly onto a single sheet of résumé paper.  I have decided that this site will be a living resume.  An archive of past accomplishments and future aspirations.

Don’t look here for my innermost feelings or pithy, quixotic zingers on daily events.  Rather, this site will be a professionally unprofessional record of my contributions to the world comprised of photography, essays, videos and audio.  I encourage everyone to proactively invest themselves in composing their digital footprint.  It may very well be the best portrait ever made.

This post is a work in progress.  I know it is a tad vague in its current state.  Stay tuned for more.

## HD Video

Last night, I decided to play with HD Video using a bottle of sparkling water and mt Canon T1i.  Combined with a few Pocket Wizards and a SpeedLite 580 EXII, I believe anyone can take beautiful pictures (and video).