On Friday 30 December 2011 19:40:55 夜神 岩男 wrote:
[snip]
> We can start a 10,000 computer botnet (or, more realistically, a 10m
> computer botnet these days, and this is a technique used right now)
> working on the problem of assembling a new index table that orders and
> assigns every possible valid hash said algorithm can produce, and start
> assigning values.
>
> Essentially, we can move the computing cost up-front by assuming that we
> indeed *do* have to try *every* possible password, which means computing
> done 5 years ago applies to your brand new password today.
[snip]
> In short, keys, man, keys. Its not perfect, but it is much stronger than
> passwords and in my experience FAR much less hassle.
You are basically saying that, given enough resources, you can precalculate
all hashes for all possible passwords in advance.
Can the same be said for keys? Given enough resources, you could precalculate
all possible public/private key combinations, right?
Please don't get me wrong --- I'm not saying that the resources needed are
equal (or even comparable) for the two cases.
But theoretically, both keys and passwords rely on the assumption that the
"inverse operation" (be it calculating a password from a hash or factoring a
large integer into primes) is too expensive to be feasible. But "given enough
time and resources", you could in principle have prebuilt tables for both,
right?
Just asking... :-) ...while waiting for the first successful build of a quantum
computer, which will fundamentally redefine all current concepts of security...
;-)
Best, :-)
Marko
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
