
> If for example an application encrypts 2^48 messages under different 128-bit keys, and all messages start with the same few bytes, an attacker can build a lookup table, try and lookup the ciphertext of 2^64 keys, and have a 2^-16 chance to decrypt one message. Not good.

This is satire right? The computational and storage requirements to perform such an attack to just get a small probability of decrypting one message seem ludicrous.
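The arithmetic behind the quoted claim is the multi-target (batch) key-recovery bound: an attacker who trial-encrypts a known shared prefix under M candidate keys and looks each result up in a table of N ciphertexts, each under an independent k-bit key, expects about N·M/2^k matches, versus M/2^k against a single message. The example below is added here and is not part of the thread; it computes that bound for the numbers in the quote (2^48 messages, 2^64 guesses, 128-bit keys, giving 2^-16) and runs a scaled-down simulation against a constructed toy "cipher" (a truncated keyed hash, assumed here purely as a stand-in) with 20-bit keys, where the same attack lands roughly the predicted number of hits. `SHARED_PREFIX` and all parameter values are constructed.

```python
import hashlib
import random
from fractions import Fraction

# Constructed stand-in for "all messages start with the same few bytes".
SHARED_PREFIX = b"GET / HTTP/1.1\r\n"


def multi_target_success(key_bits: int, n_messages: int, n_guesses: int) -> Fraction:
    """Expected number of (message, key) matches when the attacker trial-encrypts
    the shared prefix under n_guesses keys and looks each result up in a table
    of n_messages ciphertexts, each under an independent random key_bits-bit key.

    While small, this is also the probability of decrypting at least one
    message: n_messages * n_guesses / 2**key_bits.
    """
    return Fraction(n_messages * n_guesses, 2 ** key_bits)


def single_target_success(key_bits: int, n_guesses: int) -> Fraction:
    """Same attacker effort spent on one message: n_guesses / 2**key_bits."""
    return Fraction(n_guesses, 2 ** key_bits)


def toy_encrypt(key: int, key_bits: int, plaintext: bytes) -> bytes:
    """Constructed toy cipher: a truncated keyed hash. It is deterministic per
    (key, plaintext), which is the property the table lookup relies on.
    Not a real cipher; used only so the simulation runs at 20-bit key sizes."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    return hashlib.sha256(key_bytes + plaintext).digest()[:8]


def simulate_multi_target(key_bits: int, n_messages: int, n_guesses: int, seed: int = 0):
    """Scaled-down version of the attack described in the quoted comment.

    Returns (target_keys, recovered), where recovered maps message index ->
    key the attacker learned. Attacker work is n_guesses toy encryptions plus
    one table of n_messages entries, no matter how many messages are hit."""
    rng = random.Random(seed)
    target_keys = [rng.getrandbits(key_bits) for _ in range(n_messages)]

    # Defender side: many messages, independent keys, identical leading bytes.
    table = {}
    for idx, key in enumerate(target_keys):
        ct = toy_encrypt(key, key_bits, SHARED_PREFIX)
        table.setdefault(ct, []).append(idx)

    # Attacker side: trial-encrypt the known prefix under candidate keys and
    # look each result up. Candidates 0..n_guesses-1 stand in for any set of
    # n_guesses distinct guesses; the keys are uniformly random either way.
    recovered = {}
    for guess in range(n_guesses):
        ct = toy_encrypt(guess, key_bits, SHARED_PREFIX)
        for idx in table.get(ct, ()):
            recovered[idx] = guess
    return target_keys, recovered


if __name__ == "__main__":
    # The thread's numbers: 2^48 messages, 2^64 guesses, 128-bit keys.
    print(multi_target_success(128, 2**48, 2**64))   # 1/65536, i.e. 2^-16
    print(single_target_success(128, 2**64))         # 1/18446744073709551616
    # Toy scale: 2^10 messages, 2^12 guesses, 20-bit keys -> 4 expected hits.
    keys, rec = simulate_multi_target(20, 2**10, 2**12)
    print(f"expected {multi_target_success(20, 2**10, 2**12)} hits, got {len(rec)}")
```

The defender's takeaway is the ratio between the two functions: with N messages under independent keys and a shared known prefix, the attacker's success per unit of work is N times higher than against one message, which is why key-size arguments are made against the whole population of keys an attacker can collect, not one message at a time, and why a per-message random prefix (a nonce) or a longer key removes the amortisation.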




Millions of terabyte disks of storage. Then repeat the attack a couple thousand times.

In cryptography, you don't want "ludicrously" infeasible, as in the NSA can just about afford the hardware and do it, you want astronomically infeasible.


And you want it to be so infeasible that even attacking a single message with perfect knowledge of all non-secrets is "astronomically infeasible".

It's not enough to just make it astronomically infeasible to attack everyone.
