Re: [TLS] Comparative cipher suite strengths

Eric Rescorla <ekr@networkresonance.com> Thu, 23 April 2009 13:52 UTC

Date: Thu, 23 Apr 2009 06:56:38 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Daniel Brown <dbrown@certicom.com>
Cc: "'tls@ietf.org'" <tls@ietf.org>

At Wed, 22 Apr 2009 11:51:10 -0400,
Daniel Brown wrote:
> 
> Eric,
> 
> Are you saying that 2^128 computations will never be feasible, and
> therefore, that Moore's law will stop?

I wasn't aware that that was a particularly controversial observation.

Current computers, with feature sizes of about 50 nm (50 * 10^{-9} m)
are just about fast enough to brute force a 64-bit key. So, in order
for Moore's law (which, remember, is about feature size) to get us to
128-bit keys, the feature sizes would need to shrink to 50 * 10^{-9} *
2^{-64} ~= 50 * 10^{-28}. Given that hydrogen atoms are on the order
of 10^{-10} m large, I don't think it's particularly safe to do a
straight line extrapolation of Moore's law through 18 more orders of
magnitude. Obviously, it's possible we'll learn how to construct
computers with some entirely different technology (quarks!), but
it's not like it's just a matter of giving Intel more money.

-Ekr