SSL vs. The Universe.
July 10, 2012 11:51 AM

SSL vs. The Universe A few concessions were made in the creation and visualization of these materials. The Big Bang shown is simply an artistic interpretation of the event. Most experts agree that there was no giant “explosion” at the start of time. The math.
posted by OmieWise (47 comments total)
 
Tappity tappity tap tap tap tap... We're in!
posted by Potomac Avenue at 11:52 AM on July 10, 2012 [4 favorites]


man, I just don't know about this. Does it take into account advances in computing technology?
posted by rebent at 11:58 AM on July 10, 2012


I'm not sure why you chose that quote, as it's a distracting digression. But, as it's distracted me, I'll mention that I wish that "they" had chosen a moniker other than "Big Bang", because that badly misleads almost everyone.

I was going to say that they could be forgiven because I thought the evidence for an expanding universe predated a good theory of how it began; but now that I just looked it up I realized that General Relativity predated the evidence (well, of course I knew that), already indicated a possible expansion (I knew this at one time and had forgotten), and provided a framework for the expansion that is the expansion of the universe and not an "explosion within an empty universe", which is how most laypeople misunderstand the Big Bang. But then also there's the cosmic microwave background radiation which also just makes people think of an explosion. And, well, the early universe was highly energetic, which also confuses the issue. Even so.
posted by Ivan Fyodorovich at 12:08 PM on July 10, 2012


this assumption is based on a 2.2 GHz AMD Opteron processor with 2GB RAM

If reading about BitCoin mining has taught me anything, it's that if you want to use normal everyday hardware for these sorts of things you're much better off using your graphics card than your CPU. Use a Radeon 5770 and that should shave off a few quadrillion years at least.
posted by burnmp3s at 12:10 PM on July 10, 2012 [2 favorites]


*Assuming that you are going to bother with a brute-force attack, instead of finding another method of forging the certificate...
posted by KGMoney at 12:10 PM on July 10, 2012


Does it take into account advances in computing technology?

No. Their math does not take into account the likely advances in computer performance or advances in the effectiveness of cryptanalysis (they base their calculations on the performance of a 2.2 GHz AMD Opteron processor with 2GB of RAM). However, cryptographers have tried to make estimates that include those factors. Well regarded estimates suggest that a secret encrypted today with a 2048-bit asymmetric key (as touted by Digicert) will only be adequately secured until 2030, at the latest.
posted by RichardP at 12:14 PM on July 10, 2012 [5 favorites]


I think it's a perfectly fair figurative description to say that the big bang was an explosion, just like it's fair to say that the sun's a 'burning' ball of gas. Of course, the big bang wasn't a detonation in the technical sense, and neither is the sun combusting, but as qualitative descriptions of the outward appearance of these events, I think explosion and burn are perfectly fine.
posted by Pyry at 12:16 PM on July 10, 2012 [1 favorite]


Feel safe, America, banking at home with IE7 from your PC running XP SP1 with a 90-day McAfee trial that expired in 2005 and 6-year-old versions of Flash, Acrobat Reader and Java. Nobody will crack your bank's SSL certificate.
posted by Blue Meanie at 12:20 PM on July 10, 2012 [20 favorites]


Not an explosion. According to the math it was more like "Let there be light. And there was light. And then the light was much bigger, very quickly. Whoa!"
posted by msalt at 12:22 PM on July 10, 2012 [1 favorite]


How is this anything more than an advert for DigiCert (and one that relies on laughably simplistic assumptions, at that)?
posted by anigbrowl at 12:23 PM on July 10, 2012 [6 favorites]


Adding onto RichardP's excellent points, you should probably also take cryptography powerhouses like the NSA into account as well. Considering their vast funding, access to hardware and crypto-analysts, one can assume an estimated date earlier than 2030 for them.
posted by I Havent Killed Anybody Since 1984 at 12:25 PM on July 10, 2012


I think "all the energy in the universe packed into a small space that expanded absurdly fast" qualifies as an explosion at least in the figurative sense.
posted by Pyry at 12:32 PM on July 10, 2012 [4 favorites]


Oh yeah!? Watch these guys HACK THE DATABASE!
posted by surazal at 12:38 PM on July 10, 2012 [1 favorite]


Pshaw. Just create a GUI using Visual Basic. Works every time.
posted by ChurchHatesTucker at 12:43 PM on July 10, 2012 [3 favorites]


If you have time travel, I think you might be able to do better than a modern desktop computer...
posted by BungaDunga at 12:44 PM on July 10, 2012


This is why I laugh whenever I visit my bank's website and Firefox alerts me that the certificate is untrusted. Does anyone know how to disable that stupid warning? It's super annoying to have to click through it each and every time I access my account to count the money my Nigerian friend sent me for safe keeping. Don't the Mozilla developers know how secure SSL is? I think they could learn something about encryption by going to this site.
posted by RonButNotStupid at 12:50 PM on July 10, 2012 [8 favorites]


"man, I just don't know about this. Does it take into account advances in computing technology?"

Their calculations estimate about 6,442,449,061,461,101 years before likely success with a single contemporary desktop computer. A recent paper estimates that the world's computational capacity is about 6.4 × 10^18 mips. The CPU assumed in this post is about 4,400 mips (millions of instructions per second). So, if we could use all the world's general purpose computers, then that would reduce it by a factor of 1.45 × 10^15, implying that the entire world's general purpose computers, working together, could crack SSL in about 4.5 years.

Moore's Law, very loosely, is that computing power has tended to double every two years. Assuming that will be true, then in 20 years the world's general purpose computers will be about a thousand times faster than they are now. I don't know how many more general purpose computers will exist in twenty years, there could arguably be fewer. But, just for the hell of it, let's assume that the number will increase a thousandfold, too. So that's about a million times more mips than now.

So, given all that, twenty years from now, all the world's general purpose computers, working together, might be able to crack SSL in a bit more than two minutes.

Do you think we have anything to worry about with general purpose computers?

That said, quantum computing is a different story.
posted by Ivan Fyodorovich at 12:54 PM on July 10, 2012 [3 favorites]


"but as qualitative descriptions of the outward appearance of these events"

Part of the problem is that there's no "outward appearance" of the Big Bang. And, more importantly, the universe didn't get bigger because the matter was pushing against itself in an "explosion", but because spacetime itself got bigger. That is, the universe. Not the matter in it. The reason it's very misleading to think of it as an explosion is because it makes you think that the matter is what's important and what describes the totality of "the universe", which it emphatically does not.

Also, most of the expansion of the early universe occurred during the inflationary phase, which is even less like an explosion.
posted by Ivan Fyodorovich at 1:02 PM on July 10, 2012


The real question is how long it would take a government to steal the CA's private key. I'm guessing a few hours with a rubber hose ought to do the job?
posted by jewzilla at 1:04 PM on July 10, 2012 [2 favorites]


The NSA don't need no steenking badges....

Anyhow, explosion works for me, even if it's a sketch. How do you conceptualize an inside without an outside? Okay, so draw me one...I don't wanna see a klein bottle, either.
posted by mule98J at 1:07 PM on July 10, 2012 [1 favorite]


I'm guessing a few hours with a rubber hose ought to do the job?

I doubt you'd even need to go so far as a rubber hose; I think a "sternly worded letter on fancy letterhead" would probably do the job.

Also, lawyers.
posted by Kadin2048 at 1:20 PM on July 10, 2012 [2 favorites]


Does their math double the processing power and speed every two years?
posted by brenton at 1:31 PM on July 10, 2012


If it's any consolation, the phrase "Big Bang" was not intended to be an accurate summary or description of the corresponding theory. It was intended as an insult.
Sir Fred Hoyle FRS (24 June 1915 – 20 August 2001) was an English astronomer and mathematician noted primarily for his contribution to the theory of stellar nucleosynthesis and his often controversial stance on other cosmological and scientific matters—in particular his rejection of the "Big Bang" theory, a term originally coined by him out of ridicule for the main rival of his own theory.
posted by a snickering nuthatch at 1:43 PM on July 10, 2012 [1 favorite]


Moore's law is not expected to last indefinitely. It will come to a crashing halt at some point in the next decade or three. Of course, predictions of its demise have been famously wrong for many years, but it's not disputed that it will eventually end.

In a paper titled Dark Silicon and the End of Multicore Scaling, it is estimated that there's a remaining 7.9x speedup possible between now and 2024, which is 24 times less than Moore's law would predict. (And that's for algorithms that are naturally parallel -- very much not the case in general.)

Previous comment on estimating the task of factoring a RSA certificate.
posted by Rhomboid at 1:44 PM on July 10, 2012


(And I should point out that that comment assumes a brute force approach which is obviously completely untenable no matter how much computing power you throw at it. More sophisticated number sieve approaches result in less work, but are still computationally infeasible. Of course, once you seal one hole it just makes the remaining holes more attractive targets, and security is about a process, and not about the math of certificates.)
posted by Rhomboid at 1:47 PM on July 10, 2012


I knew that Hoyle preferred a steady-state; I didn't know (or I forgot) that he coined "Big Bang". Given that the cosmologists knew from the beginning that characterizing it as a "bang" would be misleading, it doesn't surprise me to learn that it was a ridiculing coinage by an opponent.

To be fair to Hoyle, both the religious "creation" aspect and the catastrophist flavor of it and, hell, all sorts of other things about the Big Bang theory all rightly should have rubbed good scientists the wrong way early on. It's just that GR allows it and the evidence supports it in so many different ways. By the discovery and comprehension of the CMBR, there really was no excuse for being a holdout. But the thing about pre-eminent scientists is that they usually become conservative and eccentric in the later years and this is a pretty common story.
posted by Ivan Fyodorovich at 2:00 PM on July 10, 2012


> It will come to a crashing halt at some point in the next decade or three.

Well, computing as we know it now will. But who's to say we don't jump from binary to ternary, from atomic to quantum, etc... Predictions that calculate the theoretical limit of computing power always sound similar to me to calculations that state that you couldn't reproduce the functions of a human brain with a computer if you used every atom in the universe as a bit in the system. It begs the question, how do our brains fit in our heads then?
posted by brenton at 2:00 PM on July 10, 2012 [3 favorites]


If all this is true, then why does MC Frontalot say that By 2025 a children’s Speak & Spell could crack it?

There are lots of ways that an RSA key might be factored before 1 trillion ABB, or whatever that chart went to:
  • identify and exploit a mistake in the key generation (for instance, if you can identify a way to try only 2^40 trial divisors instead of 'all of them', you would probably finish before the weekend)
  • build a quantum computer that can run Shor's algorithm
  • wait for the fruits of moore's law, as others have mentioned
  • have secret knowledge of an efficient factoring algorithm for traditional computers
If you just want to intercept communications, it's a lot easier. You could do any of these things instead:
  • plant bugs in individual client computers
  • plant bugs in https servers
  • add fraudulent CAs to individual computers
  • coerce or trick software developers into adding fraudulent CAs to software they ship (e.g., operating systems, web browsers)
  • coerce or trick software developers into including weaknesses in SSL clients or CA generation
  • coerce or trick CAs into signing your fake certificates
  • coerce or trick certificate holders or CAs into sending you the private parts of legitimate certificates
  • exploit undisclosed weaknesses in other layers of SSL, such as SHA1 hashing or AES symmetric encryption
  • use secret NSA knowledge like a polynomial-time solution to NSAT to break AES or SHA1 outright
  • trick users into misunderstanding the degree or kind of protection offered by a specific website's encryption
  • and probably a lot of things I haven't thought of
(list deliberately not arranged in order of my impression of the difficulty of doing any particular item)

There have been a lot of surprising weaknesses in public-key encryption. Many years ago, a bug in OpenSSL as configured by some major software vendors led to there only being a few tens of thousands of distinct private keys! More recently, I recall reading that a survey of SSL or SSH public keys allowed a surprising number of them to be factored—the reason for the factorability being that for unexplained reasons different sites shared one of the two prime factors of their private key with another system, an event which "shouldn't happen"™ due to the large number of primes (see my first bullet item and please wear tinfoil hat). Unfortunately, I didn't immediately find a reference to this research.
posted by jepler at 2:14 PM on July 10, 2012 [6 favorites]


When I hear about cryptography like this I think, it's going to be turned into just one more tool to keep people from doing what they want with their own hardware, through something like boot certification or executable signing.
posted by JHarris at 2:19 PM on July 10, 2012


That's a whole lot of marketing, for a commandline argument.
posted by deo rei at 2:31 PM on July 10, 2012


That's really apples and oranges though -- the openssl fiasco was about a random number generator that had its entropy gathering code improperly removed because it looked like it wasn't doing anything. That has nothing to do with the fundamentals of RSA or DSA or any other algorithm, it was an implementation blunder.
posted by Rhomboid at 2:52 PM on July 10, 2012 [1 favorite]


Oh sure, the crypto is tight for at least a couple years, unfortunately the majority of people (your siblings, your parents, your bosses) depending on the SSL cryptosystem are utterly ignorant of how it works and how to best use it to ensure the safety of their data.

Cryptography is very rarely the weakest link in the chain and regrettably mathematics are better represented in cryptosystem design today than the damning human factors design.
posted by Matt Oneiros at 3:09 PM on July 10, 2012


infographics of pretty much any type speak to having bored graphic designers more than someone wanting you to understand something visually. i think designers use them in place of mating plumage.
posted by gorestainedrunes at 3:13 PM on July 10, 2012 [4 favorites]


Hey I forgot my password what do I do?
posted by fuq at 3:38 PM on July 10, 2012 [1 favorite]


It's worth pointing out that all this furrowed-brow insistence upon the non-explosive nature of the inception of the universe is overlooking the fact that the word "bang" does not mean "explosion." When you bang a drum, the drum, happily, continues to sit there, unexploded, waiting for the next bang. "Big Bang" implies startling suddenness, not any insistence upon explosive forces of rapidly expanding gases or what have you.
posted by yoink at 4:32 PM on July 10, 2012


That's arguable about what bang can mean; but I promise you that 99% of all laypeople think that the Big Bang was a huge explosion, hurling matter in all directions, and something they visualize from a perspective "outside" the explosion. Some other name for this wouldn't be very successful in helping people understand what really happened, but it also wouldn't strongly encourage them to even more misunderstand it in the way they'd be inclined to do so, anyway.
posted by Ivan Fyodorovich at 5:50 PM on July 10, 2012 [1 favorite]


So, nothing to do with Solid State Logic then.
posted by bongo_x at 6:03 PM on July 10, 2012 [1 favorite]


calculations that state that you couldn't reproduce the functions of a human brain with a computer if you used every atom in the universe as a bit in the system. It begs the question, how do our brains fit in our heads then?

That calculation, if it was being put forward seriously and as-stated, is silly and wrong. But that's not really related to the conversation at hand.

Also, there are theoretical hard limits to computation, as a result of information theory and its intersection with quantum mechanics. (It requires a certain amount of energy to change a fundamental bit of information.) They are basically unrelated to practical engineering limits of silicon chips, or other types of real-world computing hardware, though.

If you go back and read articles written in the 90s, we are actually behind the Moore's Law curve that many people extrapolated at the time. IIRC, the 1999 MIT cryptographic time capsule suggested that by 2009 or so, computers would be up around 9 GHz and that this is where they'd top out before branching off into parallelism. Of course, we now know that's not the case: we hit about 4 GHz back in the Pentium 4 era, and then everyone decided parallelization was the way to go. Which is true for most day-to-day operations, but some cryptographic operations are specifically designed not to be parallelizable.

So it's entirely possible that computers could continue to get qualitatively "better" at virtually everything, but hit a performance ceiling when it comes to certain mathematical operations. This is basically what cryptographers try to guesstimate when they discuss the relative safety of various algorithms.
posted by Kadin2048 at 6:22 PM on July 10, 2012


Kadin2048: "I doubt you'd even need to go so far as a rubber hose; I think a "sternly worded letter on fancy letterhead" would probably do the job."

I believe the big CAs don't actually have access to their own private keys. AIUI, they're generally generated by and stored in crypto chips that "can't" be read. When the CA wants to sign a cert, they ask the crypto chip to please generate a signature.

Obviously, there are likely to be attacks on the hardware which could reveal the key, but it's not as simple as popping it on a flash drive and handing it over.
posted by wierdo at 9:27 PM on July 10, 2012


Since the time required to crack a key is based on brute-force, isn't it just as valid to say that the key could be found in the first second and the 14 trillionth? Sure it will average out to trillions of years, but it's possible...
posted by blue_beetle at 9:53 PM on July 10, 2012 [1 favorite]


I could also be hit by a fire truck while sitting at my desk typing this comment. If so, I'll do my best to acknowledge that and click the post button before perishing. Regardless, it's exceedingly unlikely, although it is probably more likely than picking the right chip on the first draw from a bag with fourteen trillion chips in it. (Would a large bag of holding suffice?)
posted by wierdo at 10:39 PM on July 10, 2012 [2 favorites]


the reason for the factorability being that for unexplained reasons different sites shared one of the two prime factors of their private key with another system, an event which "shouldn't happen"™ due to the large number of primes (see my first bullet item and please wear tinfoil hat). Unfortunately, I didn't immediately find a reference to this research.

I remember that a range of home routers did that. They had cryptographically sound PRNGs which seeded off of stochastic events like incoming packets, but they generated the first prime for their key before they got around to initialising their network interface. So all those routers shared a factor for their keys.
posted by atrazine at 12:04 AM on July 11, 2012
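The shared-factor failure jepler and atrazine describe is something a defender can audit for directly: if two RSA moduli share a prime, a single GCD splits both keys. This is an added example, not code from the thread or from any vendor; the "router" fleet and its Mersenne-prime factors are constructed so the arithmetic is exact and runs offline.

```python
"""Audit a fleet of RSA public moduli for shared prime factors (key-hygiene check).

Constructed example: the moduli below are built from Mersenne primes so that
the factors are known and the demonstration needs no key generation. Two
devices deliberately share a prime, mimicking a router that produced its first
prime before any entropy had been gathered.
"""
from itertools import combinations
from math import gcd

# Constructed factors: 2^61-1, 2^89-1, 2^107-1, 2^127-1 and 2^521-1 are all prime.
P61, P89, P107, P127, P521 = (2**61 - 1, 2**89 - 1, 2**107 - 1,
                              2**127 - 1, 2**521 - 1)

# Constructed fleet of public keys (modulus only; the public exponent plays no role here).
FLEET = {
    "router-A": P61 * P89,    # shares P61 with router-C
    "router-B": P107 * P127,  # independent key, should pass the audit
    "router-C": P61 * P521,   # shares P61 with router-A
    "router-D": P107 * P127,  # same modulus as router-B: a duplicate, not a shared factor
}


def audit_shared_factors(moduli):
    """Pairwise GCD over every pair of moduli.

    Returns (factored, duplicates):
      factored   -- {name: (p, q)} for each key whose modulus splits because it
                    shares a prime with another key
      duplicates -- [(name1, name2), ...] for pairs with an identical modulus
    For two-prime moduli the GCD is 1 (unrelated), the modulus itself
    (same key deployed twice), or a nontrivial common prime.
    """
    factored = {}
    duplicates = []
    for (a, n_a), (b, n_b) in combinations(moduli.items(), 2):
        g = gcd(n_a, n_b)
        if g == 1:
            continue
        if g == n_a:
            # gcd equals the whole modulus only when n_a == n_b.
            duplicates.append((a, b))
            continue
        # g is a shared prime: both moduli split immediately, no factoring needed.
        for name, n in ((a, n_a), (b, n_b)):
            factored[name] = tuple(sorted((g, n // g)))
    return factored, duplicates


def affected_devices(moduli):
    """Names of every device whose key is either factored or duplicated."""
    factored, duplicates = audit_shared_factors(moduli)
    names = set(factored)
    for pair in duplicates:
        names.update(pair)
    return sorted(names)


if __name__ == "__main__":
    factored, duplicates = audit_shared_factors(FLEET)
    for name, (p, q) in factored.items():
        print(f"{name}: modulus splits into {p.bit_length()}-bit and {q.bit_length()}-bit primes")
    for a, b in duplicates:
        print(f"{a} and {b} deploy the identical modulus")
    print("devices needing new keys:", affected_devices(FLEET))
```

Pairwise GCD is quadratic in the number of keys; for internet-scale surveys the same check is done with a product tree and remainder tree (batch GCD), but the per-pair logic is exactly what this block shows.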


rhomboid, stuff like the openssl fiasco is exactly the point. If the goal is to secure communication, it doesn't matter how long the expected runtime of an algorithm like GNFS is on a 2048-bit prime on a particular computer. What matters is what the weakest point in the whole cryptosystem is. If it's a hopelessly brain-damaged seeding of a good CRNG (the openssl fiasco), that's enough to compromise the goal of secure communication.
posted by jepler at 5:40 AM on July 11, 2012


NSA guy 1: "Did you see that infographic at Digicert about how it would take 6 quadrillion years to break a 2048 key?"
NSA guy 2: "Yeah, that was pretty funny."
NSA guy 1: "How long did it take you to break the lastest batch?"
NSA guy 2: "Not too long. I got hung up for a while on one that took over 30 seconds."
posted by double block and bleed at 6:27 AM on July 11, 2012


lastest = latest

We really need an edit window.
posted by double block and bleed at 6:29 AM on July 11, 2012


What matters is what the weakest point in the whole cryptosystem is.

Well, obviously. I've already said that and so have others in the thread. But that's not really the point of the link or the discussion. The point of the link was to show why the math behind RSA makes it such a bad target. Saying "But social engineering!" and "But implementation bugs!" and "But keyloggers!" doesn't say anything about the math, and it doesn't weaken RSA or TLS from an algorithmic standpoint, it's just pointing out alternative lines of attack, lines which are attractive because an algorithmic attack is so untenable.
posted by Rhomboid at 10:23 AM on July 11, 2012

