mailing list archives
Re: Introducing TGP...
From: Valdis.Kletnieks () vt edu
Date: Mon, 14 Jun 2010 11:51:32 -0400
On Mon, 14 Jun 2010 16:21:37 BST, lsi said:
Ancient crypto? You really have no effing clue, do you?
Whatever you use today, it will be ancient in 5 years.
PGP came out when? 1991. Will be a quarter century old in 5 years.
AES came out when? Standardized in 2001 after a 5-year process by NIST.
OpenSSL finally made it to 1.0 this year after a 12 year stint at 0.9.X (it
sat at 0.9.8 for 5 years).
Amazingly enough, they're all pretty much still going strong - mostly because
the crypto field moves pretty damned slowly. The general philosophy in crypto
isn't "It will be ancient in 5 years", it's "we won't even trust it for live
deployment until good people have bashed it for a decade".
On Mon, 14 Jun 2010 11:47:42 BST, lsi said:
Even if nobody finds a weakness in the algorithm you used, 5 years
from now I will probably have enough spare CPU to brute-force it
using my mobile phone....
Moore's Law doesn't move *that* fast.
What was the fastest commercially available processor in 2005? What is it
today? What gain was there over the last 5 years, and is there reason to
expect the next 5 to be any different?
More to the point - most mobile phones use ARM processors to keep the power
consumption down. As a result, they're a tad slower than what you'll find
in desktops and servers (hint - how well would your cell phone work if it
had to carrry around the heat sink a Core2 Duo needs?).
And what good drugs are you on that you think a cell phone processor 5 years
from now will have the CPU power that current moby-cluster supercomputers
have? (If we're on the verge of making those sort of advances, I want to
see what a Sony Playstation 4 can do in 2015. Yowza - holodeck time. ;)
Might be more cost-efficient to get to the holodeck using the drugs you're
on thought. ;)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/