On 4/15/2009 at 13:20, James Knott <james.knott@rogers.com> wrote:
> With 128 bit keys, how long, on average, will it take to succeed? That's 340282366920938463463374607431768211456 possibilities and at 1 attempt per second, that will take 1.079028307080601419e+31 years, which is close enough to infinity for most people.

Is 'close to infinity' the same as 'infinity'? And there are so many assumptions in this calculation:
- 1 attack per second (botnet -> ???)
- statistically, 50% of the keys are cracked in half the time (simple statistical distribution, which easily can be tweaked)

I know what you mean and I would trust them too (more than a typical password)... BUT: bugs in the software (anybody remember the Debian bug???) can easily show that it's not that much work. So calling anything like this just infinite unbreakable is wrong and gives a feeling of security that might not exist. (Nevertheless, it should remain considered a valid option to access a server.)

A typical approach on 'brute force' is to reduce the used space. I think I have actually never seen a real brute force against my ssh server. It's typically based on dictionary attacks.

(And your calculation ignores the fact of leap years, just a small detail.)

Dominique