YHBW.

[maradydd]

Observation just now from Radu Sion during the FC rump session: in the cloud, it costs about $5 million to brute-force 64 bits of symmetric key.

Comments

[mouser.livejournal.com]

That's both scary and sorta non-surprising...

[krfsm.livejournal.com]

What time-scale are we looking at? Or is this a pure time-vs-power tradeoff, so $5M buys me enough computations, either in parallel or over time, to brute-force? Five minutes but very visible to the cloud providers, or five days, but much less visible?

[vatine]

I think CPU pricing is in CPU seconds, so using X CPU for 2T is (approximately) the same as using 2X CPU for T (though there's probably a RAM charge that makes the total prices 2TX+2RT and 2TX+RT).

[krfsm.livejournal.com]

Why am I thinking of the Mailman from "True Names" here?

[jrtom.livejournal.com]

Presumably it depends on how parallelizable (or, since they apparently have a specific method in mind, parallelized) the computation is.

What I'd like to see is a graph of bucks-per-bits (i.e., how many $ does it take to brute-force a 96-bit key, and so on?).

[docstrange.livejournal.com]

Given a crypto algo without known weaknesses, it should double per extra bit, no?

[docstrange.livejournal.com]

(And given we're talking brute force, the weakness isn't relevant to the measurement...)

[jrtom.livejournal.com]

That's what I'd expect, yes. But what I expect is not always what is true, so it's good to have data that confirm (or deny) my understanding. Also, I'm not a cryptanalyst, so I don't know whether there are any nuances to the "double per extra bit" rule of thumb.

[vatine]

I think the right answer is "roughly". It depends on how much the extra key space influences the actual encryption. A typical example would be 3DES, with triple the number of key bits, for squaring the amount of effort to brute-force (as to exactly why that is, ask a cryptographer, I can sorta see it but not explain it).

[maradydd.livejournal.com]

I think he's done that, though it wasn't in the talk. 80 bits (IIRC, and this was three days and a continent ago) was something like $384B.

[maradydd.livejournal.com]

Yeah, he started by figuring out what a cycle costs in picocents in various environments. The cloud is far cheaper than desktops or even in-house server installations due to economies of scale -- it turns out that once you get above a certain size, power consumption outpaces the cost of support, which is traditionally the limiting factor.

[maradydd.livejournal.com]

$5M buys you enough computation and it parallelizes easily. He didn't discuss visibility, as it was a five-minute rump session talk, but I'm sure he'd be up for talking about that.