Each additonal bit doubles the number of keys you have to test in a brute force attack, so by the time you get to 128 or 256 bits, you have a staggeringly large number of potential keys to test. The classic illustration of this exponential growth is the fable of the mathematician, the king, and the chess board:There is an old Persian legend about a clever courtier who presented a beautifulchessboard to his king and requested that the king give him in return 1 grain of rice for the first square on the board, 2 grains of rice for the second square, 4 grains for the third, and so forth. The king readily agreed and ordered rice to be brought from his stores. By the fortieth square a million million rice grains had to be brought from the storerooms. The king's entire rice supply was exhausted long before he reached the sixty-fourth square. Exponential increase is deceptive because it generates immense numbers very quickly.By the time you get to that 32nd chessboard square, you're facing a very large number indeed.However, 2^32 isn't necessarily a very large set of keys when you're performing a brute force attack with a worldwide distributed network of computers. Such as the RC5 distributed computing project. Here's what they've done so far:a 56-bit key was cracked in 250 days.a 64-bit key was cracked in 1,757 days.a 72-bit key is still being cracked; 1,316 days so far with 379,906 days remaining.
The earliest 56-bit challenge, which ended in 1997, tested keys at a rate of 1.6 million per second. The ongoing 72-bit challenge is currently testing keys at the rate of 139.2 million per second. We're testing keys 88 times faster than we were 10 years ago, through natural increases in computing power and additional computers added to the distributed computing network.And yet the RC5-72 project still has 1,040 years to go before they test the entire keyspace. Remember, that's for a lousy 72-bit key! If we want to double the amount of time the brute force attack will take, all we need to do is tack on one teeny, tiny little bit to our key. 73-bit key? 2,080 years. 74-bit key? 4,160 years.It's painfully clear that a brute force attack on even a 128 bit key is a fool's errand. Even if you're using a planet covered with computers that crack keys at the speed of light.If you're a smart attacker, you already know that brute force key attacks are strictly for dummies with no grasp of math or time. There are so many other vulnerabilities that are much, much easier to attack:RootkitsSocial engineeringKeyloggersObtain the private key file and attack the password on it
Of course, beyond ruling out brute force attacks, I'm barely scratching the surface here. Jon Callas' Black Hat conference presentation Hacking PGP (pdf) goes into much more detail, if you're interested.
Quantum Chess Full Crack [cheat]
Download: https://jinyurl.com/2vIr8d
A large part of building the YuQC community was done during our social hours, which alternated with biweekly club meetings and explored everything from experimental quantum computing lab tours to quantum chess.
According to NIST's password guidelines, user-selected secrets should be at least eight characters in length, which assumes using the full range of upper-case, lower-case, and special characters. Microsoft suggests an eight character minimum too. But given that Thompson's eight character password hash was cracked in a few days, something longer might provide more peace of mind.
IK: Yet another set of questions. So let me agree with you. Our classical systems, our existing computers, are good for what we want them to do. Absolutely. What we want them to do though is only a subset of what we now know computers can do. There are many things that our computers cannot do. There are many things that they do that a quantum computer will not do well. Watch a YouTube video, just calculate things that are very mechanical. I don't know, play chess perhaps. But then there are a vast majority, and I use the word majority of things that we would want computers to do that they don't know how to do. And let's have one real example, and that is the mechanical creation of a new material if we knew what the new material is going to be used for.
MH: We've spoken in the past about the practical applications for quantum computers such as materials discovery, the cure for Alzheimer's, hydrogen batteries, and then shifting the boundaries of how efficient we can be in other areas like oil field analysis and logistics and things of that nature. But the big headline that gets a lot of attention is the idea that quantum computers are going to be able to crack cryptography, and therefore there's really not much of a point in any of this kind of cryptography that we're engaging in today, because when hackers hack a system, they're doing it to "hack and harvest", to grab technology, grab intellectual property, grab something that is encrypted, knowing that at some point they would be able to un-encrypt it. Let's sort of break down that whole idea. First of all, by starting with the reality that quantum computers are misunderstood to be faster, "it would take 1,000 years for a traditional CPU to crack that code. A quantum computer can do it in almost no time at all!"
As far as I'm concerned, and as increasingly the other people are concerned, the properties of a quantum computer that allow you to break that algorithm or crack that code, also allow you to generate perfect patternless randomness. Randomness from nature, which is unhackable. These keys, the ability to generate these keys is now with us, and this is very, very important so that we can, I won't say stop worrying, but cease worrying, to the same extent. Because remember, cybersecurity systems are complex things. First, you need the keys, then you need the locks, then you have other things around it like people's weaknesses, you and I might be bribed. But at least at the fundamental level, the key now can be made safe from the threat of quantum computers because it's not deterministic.
MH: Well, hang on. Back up, back up. If one of the reasons why we don't have to fear cryptography being cracked with quantum computers anytime soon is that it's going to take a very specific and wealthy bad actor to be able to get a quantum computer in the first place. If the solution to hacking quantum via quantum computers is having another quantum computer, I'm not going to be able to walk down to my nearest electronic store and pick up a quantum computer anytime soon so that I can engage in the new version of cryptography that protects me against quantum computers. How do we square that circle? How do we build in quantum level cryptography now?
IK: Yes, yes. And I wouldn't put it past certain organizations as well. I mean, the world that you and I live in is full of organizations that are not in North Korea or in other rogue states, but they do things that you and I find appalling. The way in which our data is harvested is absolutely uncontrolled. Everything we do on our phones is bought and sold many, many times. We just don't pay attention to it. But coming back to quantum, one of the interesting things is the proliferation of software development kits for quantum, which are in the open source.
There are literally millions of people, some kid in, I don't know, Rio de Janeiro or I don't know where you are, Michael, but some kid 100 meters around the corner from where you are will have access. And we have seen over the course of history how some individual will actually have an insight and be able to use it. And whereas all the money in the world, you could have a room full of 100 PhDs and they might not have the same insight. We are at the very early stages. I think it's as possible that some young kid in Calcutta will find some usefulness and ability than it is that you and I. And the reason is, as I've said, unlike in previous technologies, these software development kits, which are quantum is counterintuitive and young kids are nothing if not counterintuitive. First order logic doesn't count in programming languages for quantum. So, I think that risk is out there.
A child of Hollywood and its strangely intersectional cultural landscape (her godfather was Igor Stravinsky), Babitz was first noticed in 1963, while in her early 20s, as the subject of a famous photograph, appearing nude while playing chess with the fully-clothed French artist Marcel Duchamp. (Her face was not visible, but her breasts certainly were.) She designed album covers for Atlantic Records, for Buffalo Springfield, The Byrds and Linda Ronstadt; hobnobbed with the rich and famous (introducing Salvador Dali to Frank Zappa); and dated a stream of celebrities (she convinced boyfriend Steve Martin to wear a white suit for his comedy act). And she wrote navel-gazing tell-alls with a disarming lack of pretension or self-censorship, contributing to such publications as Rolling Stone and Vogue. 2ff7e9595c
Comentarios