Leo: We’ve learned that with HushMail, for instance, which is an email encryption service that just handed over keys when asked. And that’s, in most cases, what any of these services are going to do unless they want to be outside the law.
Keenin, Moses Lake, wherever that is [Washington], offers some fun math: I had a discussion with a classmate about encryption and how he thought the government could break anything. I knew better than to argue with him, so instead I did some math for the fun of it. I know you already know this, but I had to vent. I took 256-bit encryption and assumed that the only way to crack it was, as we currently believe, a brute-force attack against the 256-bit key. After all, we’re talking 128-bit this and 256-bit that. It’s the bit length we’re focusing on.
So let’s say the tricksy government has a secret algorithm that somehow allows them to weaken the strength to one trillionth of the original. That’s a good number, one trillionth. And let’s say they had a computer that can try 100 trillion guesses per second. And let’s say this computer was one cubic millimeter in size, and let’s say they build a cracking complex the size of the entire Earth made out of these one cubic millimeter crypto cracking computers. If I did my math right, it would still take 34 trillion years to crack. I like that.
Steve: I like that, too.
Leo: Did you check his math?
The answer, as far as I can figure, is 33.8802 Trillion years: well within the significant figures given the size of the numbers.
The matlab code is:
clear all; clc;
N_BITS = 256;
keysPerOp = 1/2^N_BITS;
nComps = 1.0830e+30;
opsPerSec = 10^14;
speedup = 10^12;
secPerYear = 31557600;
keysPerYear = keysPerOp * nComps * opsPerSec * speedup * secPerYear;
yearsPerKey = 1/keysPerYear;
trillionYearsPerKey = yearsPerKey / 10^12;
disp([num2str(trillionYearsPerKey) ' trillion years per key']);
I’m sure Steve Gibson‘s email box is flooded every minute with stuff more important than this response, but hopefully it will find its way back to him. If you’re reading this Steve, I love the specificity with which you attack even the most complex of security concepts. It makes my job at Nerds Limited as a tech consultant all the more fun!
Update: Below is a clip from Security Now episode 343 where Steve mentions this post. Thanks again!