Needle in a Haystack .. 128bit Encryption

C

cerulean

Lately I have been interested in encryption, secure storage, etc and was attempting to grasp how large of a key space 128bit really is. I decided to use very fine sand (as defined by Wikipedia as being 1/16mm diameter) and see how much sand is 2^128 grains.

So I know 2^128 ~ 3.402 * 10^38

And assuming we are translating a 1/16mm diameter grain of sand into a sphere (probably not quite right, but should be sufficient for a volume measurement) ends up translating to ~8000 grains of sand per cubic mm.

There are 10^18 cubic mm in a cubic km and the Earth's volume is 1.08321×10^12 km3 (again, according to Wikipedia).

So (8000 grains per mm3) * 10^18 mm3 / km3 * 1.08321 x 10^12km3/earth = 8.6656 x 10^33 grains of sand / Earth (we are talking completely filled!)

3.402 * 10^38 (size of 128bit key) / 8.6656 x 10^33 grains per Earth = 39,267 earths.

Is that correct? A 128bit key space if converted into one key per one fine grain of sand would fill up 39,267 Earths?

Anyways, just my way of attempting to visualize the daunting task of a brute force attack against a AES-128 key ... Definitely interested in input if I messed up the math somewhere!
 
cerulean said:
and was attempting to grasp how large of a key space 128bit really is.[snip]
Is that correct? A 128bit key space if converted into one key per one fine grain of sand would fill up 39,267 Earths?
[snip]
Anyways, just my way of attempting to visualize the daunting task of a brute force attack against a AES-128 key ... Definitely interested in input if I messed up the math somewhere!
Click to expand...
A quick check doesn't reveal any major errors. It's still a rough estimate of course, but I'd say you're in the ballpark. It just goes to show how fast exponential growth really is.

Fonz
 
These numbers look good - and totally mind boggeling.

But I would not place any bet against a certain entity which is the world top employer of mathematicans and measures it's computing power in acres, not nodes.
 
Crivens said:
But I would not place any bet against a certain entity which is the world top employer of mathematicans and measures it's computing power in acres, not nodes.
Click to expand...
Understandable, but I'm with kpa on this one. Sheer computing power isn't the biggest concern anymore (feel free to repeat cerulean's computation for 256-bit or larger keys!). It's mathematical ingenuity (cryptanalysis revealing weaknesses in the cypher, leading to faster-than-brute-force attacks) and perhaps the development of a practical, real-world quantum computer (if you think that will ever happen, which is an entirely different discussion) that you should probably be more worried about.

Fonz
 
Brute forcing a perfect crypto algo will give you 256^N (N being the length of the document in bytes) of seperate documents which will contain all possible legal documents of the same length. Doing that is out of range for anyone known today. But it is said that Bruce Schneir creates his papers by using appropriate amounts of random and then decrypting it. :) But this is for perfect algorithms, something which is hard to prove. AES may not be perfect, but I deem it good enough for the next 5 years. But again, if this thing has a loophole, you can be sure of where the knowledge about it will be.

But on the other hand it only takes the 50 cent pice of lead pipe from the scrap yard to beat seven kinds of passphrase out of you. No need to spend 5 bucks. But let's not bend this thread into quantum, that is a completely different can of worms.
 
Crivens said:
But let's not bend this thread into quantum, that is a completely different can of worms.
Click to expand...
My bad, I've probably been playing too much quantum tic-tac-toe (yes, that exists) ;)

Fonz
 
You must log in or register to reply here.
Back
Top