Slashdot Mirror

← Back to Stories (view on slashdot.org)

Weak Elliptic Curve Cryptography Brute-Forced

Posted by timothy on from the 100-billion-dollars-for-the-next-contest dept.

thegrommit writes "It seems one implementation of elliptic curve cryptography has been broken. It took four years to break a 109 bit key, but the contest sponsors (who provide encryption products for Cisco, Nortel and Palm among others) believe it's still impossible to break their 163 bit keys. The real question is, for how long?" Update: 11/07 01:59 GMT by T : Dan Kaminsky wrote to point out that the key here was really brute forced, and not broken -- that is, no fundamental flaw was discovered in the algorithm.

3 of 270 comments (clear)

  1. Impossible is relative by vee-dub.net · · Score: 0, Redundant

    We've seen time and time again as encryption gets stronger and better that breaking the 'impossibility' of breaking it merely depends on the computing power available.

    I wonder what they really mean by 'impossible'?

  2. More info by blu3b3rry · · Score: 2, Redundant

    http://www.nd.edu/~prinfo/news/2002/10-29c.html http://www.nd.edu/~cmonico/eccp109/ This thing was solve on 10-15.. Kinda old news

  3. A little math by Pedrito · · Score: 2, Redundant

    Okay, let's do some math here. The guy used 10,000 computers and he won $10,000. It took 549 days to crack it. Okay, well, that's $1.00 per computer, so that works out to a little under 0.2 cents per day per computer. Now subtract the cost of electricity, and how much did he make? Hmmm, that was worthwhile.

    I mean, it's one thing if you don't know if it can be done, then you get the thrill of proving it can be done, but if you're just brute-forcing the damn thing, which it sounds like what happened here, then all I can say is, what a waste.