>> (unless they can hack it, but then any encryption scheme is subject to
>> hacking).
>And this is a very important point. I could be wrong, but I seem to
>recall that TSM's encryption uses straight up DES, which uses a 56 bit
>key.
Yes, NIST has been looking for a replacement for DES for decades. The
search for AES (Advanced Encryption Standard) has produced 5 finalists.
Hopefully people will be able to implement the new standard quickly once
it's decided.
>It has been proven that very determined people can brute force 56 bit DES
>-- distributed.net, which utilizes idle time of thousands of computers,
>was able to do it in less than 24 hours. There are design specs available
>for theoretical computers which are supposed to be able to brute force 56
>bit DES within minutes -- but the cost of these computers is generally
>considered prohibitively expensive. However:
Actually, it was EFF.org that built the DES cracker (a mediocre number of
custom designed chips each attempting brute-force attacks on slices of the
keyspace) and won the RSA challenge (1999) in approximately 3 days. Here's
the link: http://www.eff.org/descracker/
>1. Consider the following -- KaZaa, a fairly popular napster-alike, has
<snip>
While true, a truly committed adversary would be willing to spend a few
dollars. Although, the concept of a teenaged prankster gathering the
computational resources to crack the encryption protecting your files is,
in a word, frightening.
>2. 'Prohibitively expensive' is relative. I've heard estimates that put
>the price of building such a computer at a little over $1B USD. <snip>
The EFF Box was $250k for three days. If it's linear (it would be in this
case) $1M in hardware would exhaust the keyspace in under 24 hours. (And
you don't have to get them all, you just have to get the one that works.)
>Basically, what I'm saying is, TSM's encryption is better than nothing,
>and is suitable for many purposes, but your original statement,
>>"They have extremly valible data witch may not get in the wrong hands."
>... that indicates that this may not be suitable for your case :)
I agree wholeheartedly. You need to compare the cost of obtaining YOUR
data, restoring it, decrypting it, then trying to make competitive use of
it, and still be cost effective in the process. In the grand scheme of
things, if you're that worried about your data, you shouldn't be letting it
out of your immediate realm of control. =)
>If you _really_ need to make sure people can't get it, you need to use a
>lot more than 56 bits. 128 is the bare minimum these days, and even that
>is starting to come under fire :)
RC6 (an AES contender) has a variable key size, up to 2048bits.
Computationally, 2048bits is beyond the realm of even remote possibility
for brute-force attacks. Although, there is talk now of biochemical
computers that would be able to solve these sorts of problems easily
(problems that conventional and even unconventional microprocessors aren't
suited for -- like factoring).
What Kyle says is true -- DES would merely annoy a determined adversary.
If your data's value is truly incalculable, invest appropriately in the
solution you use to protect it.
-JD.
=========================================================================
|
