1. 5

    This is not a great way to analyze cryptographic algorithms. The grains of sand are a good analogy to use for brute force search, but cryptographic attacks are rarely equivalent to pure brute force search on the key space. There is more analysis that has to be done to find the effective key space you would have to search over to have an equivalent level of difficulty.

    You don’t need to be a math expert to know this; all the analysis has been done. According to NIST (the relevant paper is here), a 2048-bit RSA key is equivalent to a 112-bit search space, and according to ANSSI it’s equivalent to 100 bits.

    1. 1

      Thanks for the feedback, it’s my first post on the subject. But yes, I understand your point that it’s not the best way to explain it because of algorithms with sub-exponential running time for factoring integers and so on. But I’ve yet to be more familiarised with the details in it, and just wanted to try to explain for myself and whoever wanted to read it how big the numbers we’re talking about are.

    1. 4

      Honestly I wish that people talking about crypto topics would stop using the “grains of sand” and such visualizations. I think it doesn’t necessarily reflect the concepts of scale very well as it doesn’t take into account how much of that “sand” we can process. It doesn’t really matter if there are more “pieces of sand than in the whole world” if I have buckets that can move all that “sand” in a month. I see no mention of Shor’s in here either, and ignoring the quantum situation seems like a mistake, and I highly suggest reading up on Post-quantum RSA.

      1. 3

        Post-Quantum RSA is more like an elaborate joke. If you really care about quantum-safe crypto you should look into things like NTRU, RLWE, McEliece or hash-based signatures.

        1. 1

          Well, I agree actually, but do you have a better way to explain it to the general public?
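
The first comment's point about effective key space, as an added example that is not part of the thread: it evaluates the standard heuristic cost of the general number field sieve, L_n[1/3, (64/9)^(1/3)], with the o(1) term dropped, and compares it with brute force over the modulus size. The function names are hypothetical, and the output is a rough estimate rather than the calibrated NIST or ANSSI figures quoted above.

```python
import math


def gnfs_bits(modulus_bits: int) -> float:
    """Estimated log2 of the GNFS work to factor a modulus of this size.

    Heuristic: exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), c = (64/9)^(1/3).
    Assumption: the o(1) term is ignored, so this is only a rough figure.
    """
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)  # convert from natural log to bits


def modulus_bits_for(target_bits: float) -> int:
    """Smallest modulus size whose GNFS estimate reaches target_bits.

    gnfs_bits() grows monotonically, so a bisection over sizes is enough.
    """
    lo, hi = 64, 1 << 20
    while lo < hi:
        mid = (lo + hi) // 2
        if gnfs_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


def report(sizes=(1024, 2048, 3072, 4096)):
    """Return (modulus size, estimated security bits) pairs."""
    return [(k, round(gnfs_bits(k), 1)) for k in sizes]


if __name__ == "__main__":
    for k, bits in report():
        # The exponent gap is the whole argument: sub-exponential factoring
        # makes the "grains of sand" count of 2^k the wrong number to picture.
        print(f"RSA-{k}: key space 2^{k}, GNFS estimate about 2^{bits}")
    print("modulus bits for ~128-bit work:", modulus_bits_for(128))
```

Doubling the modulus from 2048 to 4096 bits adds only a few dozen bits to the estimate, which is why RSA key sizes grow much faster than the security level they buy.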