
Break a dozen secret keys, get a million more for free (2015) - ColinWright
https://ecrypt-eu.blogspot.com/2015/11/break-dozen-secret-keys-get-million.html
======
whyever
This is from 2015.

~~~
ColinWright
Thanks for noticing.

For everyone else, has the situation got better?? Or has it got worse? Would
someone more experienced and/or qualified care to comment?

I know a bit, but not enough.

~~~
josephmosby
Two researchers at DEF CON this past weekend showed that the situation is
better but people are still using old tech for their crypto. So, better
mathematically, but not practically.

Slides are here off the DEF CON media server:
[https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20pre...](https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/DEFCON-26-Nils-
Amiet-and-Yonal-Romailler-Reaping-and-breaking-keys-at-scale-when-crypto-
meets-big-data.pdf)

~~~
paulpauper
It has nothing to do with age. if it cant be cracked it cant be cracked.
choose 12 words at random from a small dictionary, write em' down somewhere
safe and secret, and forget about it. That will work forever. Overkill
security is better than trying to find the computational limit and then going
one bit above that. keys are cracked when the process of generating them is
flawed or the key is not big enough. That's why bitcoin private keys are so
long and why 12 words are used even though 8 would probably still be enough.

------
andrewflnr
The title is a tiny poem.

------
mikec3010
> even though a 280 attack will break somebody's AES-128 key out of a batch of
> 248 keys.

Yeah, "somebody's", but what does the average somebody have that's worth
cracking their encryption over? It seems to me that most cryptanalysis threat
models would be very specifically targeted: what is the President saying on
his secure line? Where are the submarines being dispatched? What are the
corporate earnings or fed rate decisions going to be?

Trawling thousands of encrypted connections and cracking one or two is a
pretty cool feat,but probably not valuable enough to recoup the costs or yield
anything of extraordinary value.

~~~
tlb
A nation-state actor that could read a random 0.0001% of another country's
internal communications would have a decisive advantage. The number of big
secrets flying around is enough that you'll get a few of them.

