

AES-256 Exponentially Easier to Brute Force Than Expected - DVNC_Joseph
http://www.thedvnc.org/newsblog/2014/6/9/aes-256-exponentially-easier-to-brute-force-than-expected

======
markbnj
I think the title is slightly misleading. I don't think they're saying that
the algorithm is exponentially easier to brute-force. Rather they are saying
there is exponentially more computing power available over the duration of the
attempt than previous calculations showed. Possibly the same result, but not
the same thing.

~~~
DVNC_Joseph
I agree, it's a bit sensationalist, but I think it's accurate to say that it
is exponentially easier to apply brute force than expected generally, with no
real specific relation to AES. And maybe the lack of expectation is really the
issue - we just don't look at the changes in compute capability enough, which
doesn't change how strong AES is, just our perception of it and how to design
security? But yeah, you're right, it's not the same thing, and it can be
misleading.

------
wcoenen
Bruce Schneier's thermodynamic argument linked in the post (aka the Landauer
principle[1]) shows clearly that there is not enough energy available in the
solar system to feasibly brute force a 256 bit key.

So what exactly is being argued here then? That advances in computational tech
will break the Landauer limit?

It seems more likely that the exponential growth of computational capacity
will end soon.

[1] [http://en.wikipedia.org/wiki/Landauer's_principle](http://en.wikipedia.org/wiki/Landauer's_principle)

~~~
DVNC_Joseph
What is being argued is that understanding the relationship (which is linear)
is more important and more useful than understanding the improbability.

~~~
x1798DE
It's not a straightforward linear relationship, though, it relies on
exponential growth in computing power to a point _past_ where physics allows
it to go. I think you need a specific assertion as to how it will be possible
to overcome the thermodynamics before you can make an affirmative claim that
it _is_ exponentially easier to brute-force AES than previously believed.

------
x1798DE
So if all computers ever made were used and you added every PC fresh off
the line to the brute force attack, you could calculate a single AES-256 key
in just 100 years?! Better switch to 512-bit just to be sure.

~~~
DVNC_Joseph
lol, totally! Or we'll have no secrets from our grandchildren. I'm actually
surprised how much the data still supports the old 1996 study that said
90-bits is necessary +2/3 bits per year to maintain strength. It's less than a
decade for anything under 100 bits, which is kinda the generally secure
duration if I remember correctly.
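
An added example, not part of the original thread or the linked article: a small model of the two quantities debated above, the time to exhaust a keyspace when the key-testing rate keeps doubling, and the Landauer energy ceiling on that doubling. The function names, the starting rate of 10^12 keys per second, the 18-month doubling period and the 3.2 K operating temperature are assumptions chosen for illustration.

```python
import math

BOLTZMANN_J_PER_K = 1.380649e-23      # exact SI value
SOLAR_LUMINOSITY_W = 3.828e26         # IAU nominal solar luminosity
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def years_to_exhaust(bits, keys_per_sec, doubling_years):
    """Years to try all 2**bits keys when the rate doubles every doubling_years.

    Keys tried by year t: r0 * T/ln2 * (2**(t/T) - 1), solved here for t.
    """
    scale = keys_per_sec * SECONDS_PER_YEAR * doubling_years / math.log(2)
    return doubling_years * math.log2(1 + 2**bits / scale)

def landauer_counter_bits(temperature_k):
    """log2 of the bit flips one year of total solar output can pay for
    at the Landauer minimum of k*T*ln2 joules per flip."""
    joules_per_flip = BOLTZMANN_J_PER_K * temperature_k * math.log(2)
    return math.log2(SOLAR_LUMINOSITY_W * SECONDS_PER_YEAR / joules_per_flip)

def years_until_ceiling(keys_per_sec, doubling_years, temperature_k):
    """Years of doubling before the yearly key rate needs more energy than the
    sun emits, counting only one bit flip per key tried (a generous floor)."""
    start_bits = math.log2(keys_per_sec * SECONDS_PER_YEAR)
    return doubling_years * (landauer_counter_bits(temperature_k) - start_bits)

if __name__ == "__main__":
    # Assumed inputs, not figures from the thread or the linked article.
    RATE, DOUBLING, TEMP_K = 1e12, 1.5, 3.2
    for bits in (90, 128, 256):
        print(bits, "bits:", round(years_to_exhaust(bits, RATE, DOUBLING), 1), "years")
    print("bits gained per year:", round(1 / DOUBLING, 3))
    print("solar-year counter width:", round(landauer_counter_bits(TEMP_K), 1), "bits")
    print("growth hits ceiling after:",
          round(years_until_ceiling(RATE, DOUBLING, TEMP_K), 1), "years")
```

Under these assumed inputs each extra key bit adds a fixed 1.5 years (2/3 bit per year), and the doubling runs into the energy ceiling before a 256-bit keyspace is exhausted.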

