Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Time Expiry Alogorithm??
From: Anders Langworthy <hades () psilanthropy org>
Date: Fri, 19 Nov 2004 12:50:58 -0600

Pavel Kankovsky wrote:

If a certain deterministic computation (e.g. decryption) can be made in
time T, then it can be made in any time T' > T.

This is true for breaking a cipher by brute force, but it doesn't account for (stop looking at me) somehow incorporating a timestamp into the encryption scheme to prevent 'legit' decryption after a certain time.

Note that what Gautam wants, namely a time-expiring cipher, cannot exist without some third party to provide validation and a timebase. This is what Kerberos does. Otherwise I can just set the clock back on my system and decrypt your damn message anyway.

On the other hand, the power of hardware as well as the knowledge of
cryptanalysis oincreases as the time passes, ergo any cipher is going to
expire...in the sense someone will become able to break it and recover the plaintext without the (a priori) knowledge of the encryption key.

I'm going to disagree as politely as possible. As an example, using RSA with 1024 bit keys allows for around 10^150 possible primes. Compare this to the 10^70 some atoms in the known universe to see how disgustingly big that number is. Cracking this encryption scheme by searching the keyspace is laughable. Increase the keysize even a little bit from that and there are arguments that the universe doesn't even hold enough *energy* to allow for searching that kind of keyspace.

Now the other possibility: That somebody discovers a better way to factor primes (please don tinfoil hats before replying to tell me that the NSA has already done this, in Area 51, with help from Elvis). Mathematically, this is a very remote possibility, as factoring primes is probably an NP problem, and P is probably not NP. Neither of these has been proven, however.

Even allowing for the miniscule possibility that there is a shortcut to factoring primes, that doesn't necessarily mean that factoring huge primes will be an easy task. Using larger keys will still provide a measure of security.


The classic crypto primer:

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]