h a l f b a k e r yRenovating the wheel
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Let's say you have a credit card in your wallet with details on it protected by cryptography. Many people think that Government agencies can brute-force attack this cryptography and unlock their secrets. However, with this idea, your credit card will have a small symbol of the massive Three Gorges Dam
hydro-electric power plant on the back to give you a feeling of security and reassurance that no one will ever bother trying.
What's the point of this? Well, there is a fundamental lower limit on the amount of energy that is needed to flip a bit in a computing device (about 0.0178 electron volts, at room temperature - see link #1). Flipping through the bits to look at every possible solution for a
128-bit key would require 262.7 TWh (see link #2), ignoring any computation needed to test the solutions - or roughly the annual output of the 22.5GW Three Gorges Dam hydro-electric plant.
http://en.wikipedia...dauer%27s_principle
[hippo, Jun 11 2012]
http://en.wikipedia.../Brute_force_attack
[hippo, Jun 11 2012]
A better logo
http://polyp.org.uk...artoon_Rat_Race.jpg
following on from [lurch]'s suggestion... [pocmloc, Jun 11 2012]
Please log in.
If you're not logged in,
you can see what this page
looks like, but you will
not be able to add anything.
Annotation:
|
| |
The energy required for a brute force key search isn't all that relevant; cryptosystems are broken in practice by exploiting their structure to find attacks which are more efficient than brute force. |
|
| |
Yes, quite - (or more cheaply, crypto systems are broken by finding the guy with the key and threatening extreme violence) - but you can't deny that the energy limit to moving a bit from 1 to 0 or 0 to 1 is an interesting obstacle to brute-force attacks. |
|
| |
I wondered why my credit card has an image of a hamster in a wheel... |
|
| |
I find it poignant that, with all of the clever advancement
and powerful technology we have today, the strongest
encryption system is still the one-time pad (or electronic
equivalents thereof). |
|
| |
If I may try my hand at something that is not my forté: |
|
| |
If a credit card contained a small single-function chip and
miniscule power source, every card could be assigned a
unique 128- or 256-bit one-time key that would change
according to a simple Reimann formula every time a
transaction was made. Unless the data archives of the
credit card company were hacked from the inside (unlikely
at best), it would be practically unbreakable. It would be
totally immune to phreaking, since the phreaker would
have the information stored on the card at the time it was
surreptitiously scanned, but without the 'pad' written into
the hard memory of the card itself, would have no way of
determining the correct key when the card
number was challenged during an illicit transaction
process. |
|
| |
I really like the OTP idea, assuming it's really difficult to
conduct too many transactions in too short a time, or
that the card electronically blanks each group of bits as
it's used. The card could have an LED display for the user
to copy a number for internet use. I think output as 20
numbers and letters would be entropic and easy enough.
That idea deserves a separate posting. |
|
| |
I don't really know enough about math to support the idea,
but I know a bit about cryptography (educated layman).
Still, if you insist, I'll take a hack at it... |
|
| |
Goddammit, I just posted it. Oh well. |
|
| |
I'll keep my post up, because it's a little different...
probably not as good, but different. I'll bet you a quarter
theirs doesn't use Zeta-function algorithms. |
|
| |
I too don't think it's particularly a good idea to get hung up on the brute force attack, since it's basically the last thing you need to worry about - and is essentially trivial to specify when designing the system. |
|
| |
Alterother, I'm not clear on what your OTP credit card proposal does.
(Oh, this is now in it's own idea. Comment moved.) |
|
| |