YHBW.

[maradydd]

Observation just now from Radu Sion during the FC rump session: in the cloud, it costs about $5 million to brute-force 64 bits of symmetric key.

Comments

[jrtom.livejournal.com]

Presumably it depends on how parallelizable (or, since they apparently have a specific method in mind, parallelized) the computation is.

What I'd like to see is a graph of bucks-per-bits (i.e., how many $ does it take to brute-force a 96-bit key, and so on?).

[docstrange.livejournal.com]

Given a crypto algo without known weaknesses, it should double per extra bit, no?

[docstrange.livejournal.com]

(And given we're talking brute force, the weakness isn't relevant to the measurement...)

[jrtom.livejournal.com]

That's what I'd expect, yes. But what I expect is not always what is true, so it's good to have data that confirm (or deny) my understanding. Also, I'm not a cryptanalyst, so I don't know whether there are any nuances to the "double per extra bit" rule of thumb.

[vatine]

I think the right answer is "roughly". It depends on how much the extra key space influences the actual encryption. A typical example would be 3DES, with triple the number of key bits, for squaring the amount of effort to brute-force (as to exactly why that is, ask a cryptographer, I can sorta see it but not explain it).

[maradydd.livejournal.com]

I think he's done that, though it wasn't in the talk. 80 bits (IIRC, and this was three days and a continent ago) was something like $384B.