jim,
Thanks for the reply. The point you and Schneier make is an excellent one; the human is certainly the weakest link of the equation, and the recently published 256-bit AES "crack" referred to in the article has no reason to dissuade people from the use of AES. (Another interesting reference to the security vulnerability posed by the human factor is one of Kevin Mitnick's books on social engineering, The Art of Deception.)
The point you make is that the computational complexity requirements of cracking such encryption is beyond feasability -- and that a high level of "infeasibility" is what is important where the algorithm is concerned. To someone asking about a practical measure of "safety" given by an algorithm, like I did in my original post, this is a good answer -- it is plenty safe!
My real interest is to understand the degree to which such a task is infeasible. From my example, if the 256-bit AES crack required 1.9 * 10^25 terabytes (rounded) of storage in some combination of RAM and/or disk space, plus the amount of computation required to perform the attack, that would certainly be well beyond the realm of feasibility. If I am to say that something is infeasible, I have to learn the "why" behind it -- otherwise, I have no personal understanding of it; I would be reciting "something I heard on the Internet". Not very convincing in conversation, even if there has never been a truer statement! Having a quantifiable amount like the above so I can say something like, "You would need 1.9 * 10^25 Terabytes of storage to implement the attack" is how one
knows that something is infeasible. For educational purposes, I am trying to find the ground where the theory meets reality.
So, for example, am I arriving at the figure "1.9 * 10^25 terabytes" correctly, from this explanation in my first post? I know I did the math correctly, but am I missing any fundamental ideas, or would this be a correct derivation?
Quote:
... if I assume a key length of 256 bits and I need to store 2^119 keys simultaneously, I should be able to calculate the total storage size required to make an attempt at this particular attack:
In bits: 256 bits * 2^119 = 1.7 * 10^38 bits (rounded)
Converted to terabytes: 1.9 * 10^25 terabytes (rounded)
Similarly, is my statement of 2^256 password guesses to completely guess all possible keys (using a key length of 256 bits) where the idea of a computational complexity of 2^256 comes from? For instance, this would let me figure out how many processing cycles a single guess attempt might take using a specific piece of software on a given platform, then crunch out some numbers to arrive at a measure of time (however obscene and unimaginable it might be).
Thanks again for your help.