Topic: the ability to crack current public encryption. (Read 5483 times)

They don't need to break AES/twofish/serpent because almost always it is implemented insecurely, allowing for side channel attacks and other methods to get at the keys. At least according to Bruce Schneier

Agreed, it is irrelevant if people use strong encryption.

"The most likely scenario is Moore's law hold".

So there's at least a 51% chance that Moore's Law will hold? How did you calculate that? But I'm off-topic.  

[EDIT]: Another nail in the coffin - The High Cost of Upholding Moore's Law

Right but the point being that is an unlikely scenario.

Which is why I said you are RIGHT but it is irrelevant.  The most likely scenario is Moore's law hold, there is no global war wiping out technological progress and your encryption must be able to handle 1 million fold increase in computing power over the next three decades.

No one is hoping for a nuclear war (well....except maybe Donald Rumsfeld et al.). But war is an inevitable scenario, only one of several possible scenarios that would 'encourage' people to be less fascinated with decryption and more focused on say, putting food on the table, or otherwise perpetuating the human race.

Although I disagree with foggyb larger view and I think Moore's law (or more correctly we are interested in Koomey's law as it relates to encryption) is good for at least three or four decades and possibly a century he likely is right about war.

Since WWII at least in the US (and I would imagine around the world) military tactics have changed.  The goal is no longer to secure territory, land, strategic points ("take the hill") it is to utterly dominate the enemy and destroy both their ability to wage war (kill troops instead of taking land) and their ability to finance the war.

WWII defenses and offenses were fairly matched.  B-52 bombers for example could level a factory but they often missed and routinely bombers would be destroyed enroute.  Since WWII the destructive capacity of offensive weapons has improved by magnitudes but defensive systems haven't.

In a modern global war of full spectrum dominance you simply couldn't defend your industrial assets.  Stealth bombers, high speed drones, ground hugging cruise missiles, bunker buster ordinances, ballistic missiles, long range pinpoint accurate field artillery, etc would rapidly overwhelm any defensive systems.

How many cruise missiles can a Intel FAB take before it is a $20B pile of rubble?  How many stealth bomber runs can a nuclear power plant take before it is molten radioactive slag and there is no power to run your $20B Silicon chip FAB?

The most effective way to "win" is destroy the enemies ability to wage war so both (all?) sides will.

The good news is all the nations capable of waging such a war have nuclear weapons and unstoppable delivery systems.  Any such war would inevitably escalate to nuclear force.  Either pre-emptively to "end the war before it starts" or defensively as one side starts to lose and sees nuclear weapons as the only way to regain a fighting chance.  Nuclear escalation wouldn't stop (when 1 million of your citizens die as a leader you will strike back with similar force).  Limited "strategic exchanges" would escalate to "counterforce" (google it) strikes and eventually full scale "countervalue" strikes. 

So yes when 90%+ of human race is wiped out and technological progress is pushed backwards 200 or so years as humans cling to a shattered and poisoned planet then foggy is likely right Moore's law won't continue and your encrypted file is likely safe.


Still now that we are WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYYYYYYYYYYYYYYYYYYYYYY off topic.

Hoping for a nuclear war (or any other improbable scenario) to keep your encrypted secrets safe really doesn't have much value.   It would be like not getting fire insurance, counting on the fact that the day your house catches fire it will be raining ... hard.

Any estimate for the long term strength of a cipher should be based on the most plausible and likely scenario.  That scenario is that Moore's law (or more accurately Koomey's law) will continue for next 30+ years.  So if your secret must remain protected even 30 year from now you should assume computers will eventually have 1 million times as much performance per watt (30 years at doubling ever 18 months).  When choosing a cipher strength that should be your target.

Now if your assumption is WRONG well most likely it is wrong on the short side (nuclear war, lack of demand for faster chips, technological brick wall) and your file is still safe.  On the other hand if your assume Moore's law won't hold and it does well you are fracked.

It is all about being conservative.

Solid-state transistors were not manufactured before 1948. So much for chip density R&D.


Your position isn't supported by history either, if you're arguing for Moore's Law. We have never seen a world war while Moore's Law was in effect. Of course I agree that the military needs better tech. But they won't necessarily see an immediate benefit to increased transistor count during a war. Its a long-term thing. R&D will be focused on very specialized things, and re-directed from where the money was going before. Shifted priorities is the key phrase.

Unless everyone dies.

During world war 1 and 2 research skyrocketed.
War is a great motivator for R&D

What a shitload of fearmongering.

The dilemma with rumors like this is, if they are true, is that once the agency starts using it on large scale people will notice, or it will leak, and people switch to different encryption schemes. It is at most a temporary advantage. Attained at high cost and very easy to lose. So if they have found a ways to crack AES256/RSA/ECC it will be a well-kept secret and only used for really high-profile cases such as government-to-government espionage. They certainly won't put it in a press release.

To support rjk, WWII spawned a whole host of computers to do everything from breaking German codes to designing better bomber targeting scopes.

That isn't supported by history. In the past, increased war spending has meant floods of war-money into both manufacturing and also R&D efforts for things the military wants. In an increasingly information-centric world, computing power is a resource wielded by powerful nations just as much as missiles and armies are.

It would put a damper on R&D for increasing chip densities. Notice i said a WORLD war? Not USA takeover of camel jockey capital.

More of a redirection ... although more focussed and done at cheaper rates (military pay).

Exact opposite actually.

Not sure if serious...

Mmmm, Moore's Law hasn't met a full-blown depression yet. Not depressed consumer syndrome, I mean a no jobs/ no money/gas & food shortage scenario aka 1930's level.

Or hey, what about a world war? That would certainly put a damper on R&D.

What materials shortage has occurred in the past?

Don't forget that the algorithms have historically improved at a pace comparable to moore's law, at least for the cases of factoring large numbers and discrete logarithms.       

#2 makes no sense. You seem to be implying that Moore's law will double the speed of chips every year (that's off, but close enough if it makes your calc easier), and that every year the budget will double so you can buy twice as many chips. IE, this year you can do X, next year you can do 4X, the year after you can do 16x, etc.

The doubling of budget every year is ridiculous though. If they spend $250M in 2011 to finish this $2B project, will they then spend $500M in 2012? $4B in 2015? $131T in 2030? $6.4x10^38 in 2112? Of course not. If chip prices rise at about the same price as inflation, and you make the assumption that performance follows a version of Moore's law (doubles every 2 years instead of the 1 year you have listed), using standard brute force methods in 100 years you would be 2^50 faster than today, not 4^100 (2^200).

Moore's law has already survived depression and materials shortages. 

The one trend you site... lower demand for desktops may do it.  Devices like iPads are taking more and more of a share, and custom built high end computers seem to be dwindling outside of specialty things like bitcoin and high end gaming. 

You could increase the density of transistors many times, but they simply could not search large enough portion of 256-bit keyspace to recover the encryption key. You absolutely need some mathematical means to attack AES or any other cipher.

And the Microsoft Windows that will be around that time will be slow on that processor.