Re: Zooko's triangle
Date: 2007-03-01 09:31 am (UTC)
Are you imagining an attacker who generates a new DSS key from scratch for each trial? Enumerating DSS keys is cheaper than that.
Preparation:
(1) Choose group parameters p, q, g
(2) Choose a random x in 1 < x < q
(3) Find y = g^x
Loop:
(4) Hash the resulting key to see if it matches
(5) If it doesn't, set x <- x + 1, y <- gy and go back to step 4
There are also tricks you can do to enumerate many RSA keys rapidly but they aren't quite as simple.
With 64-bit IDs and a single target you're talking about something a little like the successful RC5-64 crack - but easier, since that was a good few years ago now. But remember that multiple targets make it easier - if my goal is only to imitate any key in a population of a million, then the task is a million times easier. 32-bit IDs will probably take under a second. With 64-bit IDs and a target population of a million, I have to do 2^44 work to get a match, which is easily within the range of a lone, unfunded attacker.
So - 32-bit identifiers are only barely human-memorable and are miles from being securely unique, while 64-bit identifiers are neither human-memorable nor securely unique.
I have no idea what your second paragraph is supposed to mean. And I giggle at your last sentence!
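The enumeration loop and the multi-target cost argument from the comment above, as an added worked example that is not part of the original thread. The group parameters, the truncated-SHA-256 fingerprint scheme and the "victim" key population are constructed toy values chosen so the demo runs instantly.

```python
import hashlib

# Constructed toy DSS-style group (far too small for real use): p and q prime,
# q divides p-1, g has order q.  With p = 2q+1 there are only q-1 = 508
# distinct public keys, which keeps the demo instant.
P, Q = 1019, 509
G = pow(2, (P - 1) // Q, P)          # = 4, an element of order q
assert G != 1 and pow(G, Q, P) == 1


def fingerprint(y: int, id_bits: int) -> int:
    """Truncated-hash key ID: the first id_bits bits of SHA-256 over the key."""
    digest = hashlib.sha256(b"%d|%d|%d|%d" % (P, Q, G, y)).digest()
    return int.from_bytes(digest, "big") >> (256 - id_bits)


def enumerate_keys(x0: int, targets: set, id_bits: int, max_trials: int):
    """The comment's loop: one modular multiply plus one hash per candidate.

    Start from y = g^x0; after each failed trial set x <- x+1, y <- g*y (mod p),
    which keeps y = g^x without a fresh exponentiation.  Returns (x, y, trials)
    for the first key whose ID is in `targets`, or None if max_trials is hit.
    """
    x, y = x0, pow(G, x0, P)
    for trial in range(1, max_trials + 1):
        if fingerprint(y, id_bits) in targets:
            return x, y, trial
        x, y = x + 1, (y * G) % P
    return None


def work_estimate(id_bits: int, population: int) -> int:
    """Expected trials to hit *some* member of a `population` of targets when
    id_bits-bit IDs are uniformly distributed: 2^id_bits / population."""
    return 2 ** id_bits // population


if __name__ == "__main__":
    # Constructed "victim" population: 8-bit IDs of three honest users' keys.
    victims = {fingerprint(pow(G, x, P), 8) for x in (300, 401, 77)}
    single = enumerate_keys(1, {fingerprint(pow(G, 300, P), 8)}, 8, Q)
    many = enumerate_keys(1, victims, 8, Q)
    print("single target matched after", single[2], "trials")
    print("any of 3 targets matched after", many[2], "trials")
    print("64-bit IDs, 2^20 targets: expected trials =", work_estimate(64, 2**20))
```

Running it shows the multi-target search never needs more trials than the single-target one, and that the 2^44 figure in the comment is just 2^64 divided by a million-ish (2^20) population.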