?

Log in

No account? Create an account

Previous Entry | Next Entry

YHBW.

Observation just now from Radu Sion during the FC rump session: in the cloud, it costs about $5 million to brute-force 64 bits of symmetric key.

Tags:

Comments

( 12 comments — Leave a comment )
mouser
Jan. 27th, 2010 12:33 am (UTC)
That's both scary and sorta non-surprising...
krfsm
Jan. 27th, 2010 09:38 am (UTC)
What time-scale are we looking at? Or is this a pure time-vs-power tradeoff, so $5M buys me enough computations, either in parallel or over time, to brute-force? Five minutes but very visible to the cloud providers, or five days, but much less visible?
vatine
Jan. 27th, 2010 11:50 am (UTC)
I think CPU pricing is in CPU seconds, so using X CPU for 2T is (approximately) the same as using 2X CPU for T (though there's probably a RAM charge that makes the total prices 2TX+2RT and 2TX+RT).
krfsm
Jan. 27th, 2010 02:54 pm (UTC)
Why am I thinking of the Mailman from "True Names" here?
jrtom
Jan. 27th, 2010 06:11 pm (UTC)
Presumably it depends on how parallelizable (or, since they apparently have a specific method in mind, parallelized) the computation is.

What I'd like to see is a graph of bucks-per-bits (i.e., how many $ does it take to brute-force a 96-bit key, and so on?).
docstrange
Jan. 27th, 2010 08:43 pm (UTC)
Given a crypto algo without known weaknesses, it should double per extra bit, no?
docstrange
Jan. 27th, 2010 08:43 pm (UTC)
(And given we're talking brute force, the weakness isn't relevant to the measurement...)
jrtom
Jan. 27th, 2010 09:05 pm (UTC)
That's what I'd expect, yes. But what I expect is not always what is true, so it's good to have data that confirm (or deny) my understanding. Also, I'm not a cryptanalyst, so I don't know whether there are any nuances to the "double per extra bit" rule of thumb.
vatine
Jan. 28th, 2010 01:58 pm (UTC)
I think the right answer is "roughly". It depends on how much the extra key space influences the actual encryption. A typical example would be 3DES, with triple the number of key bits, for squaring the amount of effort to brute-force (as to exactly why that is, ask a cryptographer, I can sorta see it but not explain it).
maradydd
Jan. 29th, 2010 06:52 am (UTC)
I think he's done that, though it wasn't in the talk. 80 bits (IIRC, and this was three days and a continent ago) was something like $384B.
maradydd
Jan. 29th, 2010 06:51 am (UTC)
Yeah, he started by figuring out what a cycle costs in picocents in various environments. The cloud is far cheaper than desktops or even in-house server installations due to economies of scale -- it turns out that once you get above a certain size, power consumption outpaces the cost of support, which is traditionally the limiting factor.
maradydd
Jan. 29th, 2010 06:49 am (UTC)
$5M buys you enough computation and it parallelizes easily. He didn't discuss visibility, as it was a five-minute rump session talk, but I'm sure he'd be up for talking about that.
( 12 comments — Leave a comment )

Latest Month

July 2015
S M T W T F S
   1234
567891011
12131415161718
19202122232425
262728293031 

Tags

Powered by LiveJournal.com
Designed by Tiffany Chow