# Re: [tor-talk] NSA supercomputer

```George, thank for posting. And perhaps you should read a little closer
before you get critical....
I posted this question at the top of my post because I was looking for
someone like you, (well a little nicer) to help us with the math.
Also, I was only restating lectures that I have heard over the last two
years.

I think it is important to distinguish between Brute forcing the complete
cipher in a true sense, or as you say using an
"interesting attack".   You are correct new methods will be found and  many
of those methods will use Brute force as a component on some of the
variables in the attack.  So gobs of computing power + clever attack
strategies, will reveal new methiods.

So lets look at this from another view.   How fast does a computer have to
be to fully bruit force a 64,128,256 key?  ZettaFlops?  YottaFlops?
http://en.wikipedia.org/wiki/Flops           Lets assume a classical
computer.

George, crankup that abacus of yours and let us know.  I for one would be
very interested.
Or anyone else with big fat calculator?  My is the wimpy drugstore kind...

Thanks for the calculations above.
Andrew

On Fri, Apr 5, 2013 at 8:57 PM, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:

> On Fri, Apr 5, 2013 at 6:51 AM, Andrew F <andrewfriedman101@xxxxxxxxx>
> wrote:
> > I would love to see an analysis of a 128 bit AES encryption VS a 10
> exoflop
> > computer. How long to crack it?  Anyone got the math on this?
> [...]
> > So what does this mean?   Any article that suggest that brute forcing
> > present day encryption is not possible should be taken with a grain of
> > salt.  While the article may be correct today, come September 2012, Utah
> [...]
> > I would love to see an analysis of a 128 bit AES encryption VS a 10
> exoflop
> > computer. How long to crack it?  Anyone got the math on this?
>
> You really should take just a _moment_ to do a little figuring before
> posting to a public list and consuming the time of hundreds or
> thousands of people.
>
> Lets assume that decrypting with a key and checking the result is one
> apples and oranges, I'll just grant you that one apple stands for all
> the required oranges).
>
> To search a 128 bit keyspace on a classical computer you would expect
> that on average the solution will be found in 2^127 operations.
>
> 2^127 'flops' / 10 exaflop/s =  2^127 flops / 10*10^18 flops/second =
> 17014118346046923173 seconds = 539,152,256,819 years.
>
> ...Or, about 39x the currently believed age of the universe.
>
> Surely with a lot of computing power there are many very interesting
> attacks— particularly in the domain of traffic analysis, weak user
> provided keys, discovering new faster than brute force attacks, etc.
> But to suggest that they're going to classically brute force a 128 bit
> block cipher is laughable, even with very generous thinking.
> Honestly, these other things are arguably far more worrisome but
> they're all just handwaving... which is all any of this discussion
> is...
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

```