Researchers Crack 923-bit Encryption, Set New World Record

22 Comments


_Wheen_

The article which I assume is your source is terrible. It was torn apart on the comments of the reddit thread:
http://www.reddit.com/r/technology/comments/v9xap/fujitsu_cracks_nextgen_cryptography_standard_1482/c52muhy

and on slashdot:
http://it.slashdot.org/comments.pl?sid=2925395&cid=40369031

"'I don't know of any proposed cryptographic standard with 923 bit anything.'

Ha I found it, purely by luck. First of all assume the press release went thru a journalism and PR filter so it's almost entirely incorrect other than some numbers might not be incorrect.

I remember reading a paper on implementing IDEA (which is a two decade old, semi-patent-unencumbered algo because it's so old) on a Spartan FPGA, which I remember because I fool around with a Spartan dev board at home and this is the kind of thing you find when you google for fpga and various crypto system names, etc. Anyway that specific FPGA implementation of IDEA has a latency of ... 923 cycles. So it's not 923 bit anything, they're talking about a streaming cryptosystem that takes 923 cycles from the first bit squirts in until that encrypted first bit squirts out, and the journalist filter rewrote it. That's low enough latency for high bandwidth stuff like video, but not so good for voice or keyboard ssh unless you play some games (which is a whole nother topic)

Anyway, cracking a 'mere' 128 bit sample in 148 days or whatever is still kinda interesting, even if it's not cracking an entire 923 bit system. Landauer limit alone would imply they had to have cracked the algorithm not just brute forced it.

http://www.cs.washington.edu/education/courses/cse590g/01sp/fccm00_idea1.pdf [washington.edu]

http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm [wikipedia.org]"


szore

OK, read everything, and you people are a lot smarter than me.

I have no idea what the heck any of this means.

Just wanted to share that.


Biceps

szore, what happened to the tie? Off probation?


szore

You caught that, right? Ah... to be 18 again...


tekknyne

I'll second that one. Cracking passwords is pretty interesting, but I can't say I really ventured into much. To me, it seemed like the end game always had -felony- written all over it with my luck :)


thetechchild

Would it kill you guys at MaxPC to get your research right?

Cracking 923 bits on a pairing-based algorithm is not much to be excited about. For one thing, they're not meant to withstand that much firepower. For another, pairing-based algorithms are not AT ALL the same as AES, which will undoubtedly last many decades before we have the computing power to brute force it, and probably at least a decade before we have a mathematical breakthrough that makes it obsolete.


t.y.wan

Would definitely want to know the time it took...


zaznet

In the article it states over 148 days.


The Second Comi...

Chicken Pants is waiting for the 49th Mersenne Prime to be discovered. He considered himself to be the 48th.


praetor_alpha

Throwing more bits at an encryption algorithm is useless if said algorithm is shit to begin with. Creating one that uses X bits so you can crack it in Y hours just to say that "you cracked an encryption algorithm that uses the most bits" is self-aggrandizing happy talk that has no real value.

This is not an attack against AES (Advanced Encryption Standard), the most common encryption algorithm in use today. Come back when someone's cracked that.

It is worth noting that the AES standard was selected from many competing submissions; all of them tested extensively.


kixofmyg0t

CPU cracking is like trying to paint a Masterpiece with a crescent wrench.

Did they not know how good Radeon 5870s are at cracking encryption?

.....maybe I've said too much.


thetechchild

You, sir, fail at attempting to be smart. These people are not brute forcing, they are serious researchers with an understanding of cryptography that you cannot dream of. I'm pretty sure they know what they're doing, and I'm even more sure that you definitely don't.


kixofmyg0t

LOL are you sure about that?

I don't care what you think I know. If you think I don't know what I'm talking about then please continue on. It's not like I've been fascinated by cryptography for longer than you've been alive or anything. Nope.


RaptorJohnson

You apparently care enough about what he thinks to lie to him about how much you do not care about what he thinks.


NavarWynn

To assume that no 'average' criminal (much less a moderately funded espionage service) couldn't get their hands on the computing power required (say, about, 63 quad core desktops?) seems kind of naive.

Let's see, how many bits is the encryption used throughout much of our country's infrastructure (like the power grid for example)? Banks? Seems to me that it'd be an easy shake for a couple of good hackers (or programmers ;) ), and access to 60 or so desktops (or many less) to network together, and they could break *anything* anywhere. In fact, you could pack that kind of computing power into an RV and drive it anywhere... A single server room has enough power, used properly, to make it happen.

From here it's just a matter of *time* until it happens (not a matter of if)...

...in fact, I think this'll be the subject of the next big 'computer hacking/Bruce Willis/firesale/end of civilization' thriller... duh duh dun!


Neufeldt2002

Would be very easy to get that many computers. Just release a piece of malware designed to replicate Folding@home or whatever and instead of doing just that also have it work on decryption. Easy as pie.


kixofmyg0t

It's even easier just to rent some Amazon cloud computing servers.

It's even easier AND more effective to get a pair (or more) of Radeon 5870's to do it instead.

One 5870 still destroys a Geforce GTX 690 for that purpose.


cownaetion

*facepalm*



Trooper_One

Never mind what some no-gooder might get his hands on. Imagine what a well-funded state with lots of $$$ and expertise can do at their disposal...

Now think of what countries like China, Iran, UK, Israel, USA, get the point?


Cache

So I'm guessing TrueCrypt is pretty much a dead technology in the next 5 years?


compro01

No. This is about public key encryption, not symmetric key encryption.

Public key is used for signing executables, authenticating web sites, etc.

Symmetric key encryption is mostly used for encrypting stuff in general.
