[2204] in cryptography@c2.net mail archive
Re: crypto on MMX
daemon@ATHENA.MIT.EDU (Amanda Walker)
Thu Feb 26 15:28:05 1998
Date: Thu, 26 Feb 1998 15:07:41 -0500 (EST)
From: Amanda Walker <amanda@intercon.com>
To: cryptech@Mcs.Net, perry@piermont.com
Cc: cryptography@c2.net
(cost * MIPS) / cm^3 is an interesting metric, but it's actually not
the main point of my original note, which was that expertise is no
longer necessary, just money. Granted, using off the shelf stuff
exclusively isn't the most cost effective approach, but it's now
conceivable, which it wasn't not that long ago.
If we add a relatively small amount of hardware expertise, the cost
and density plummet (and the feasibility rises correspondingly).
Michael Weiner just published an update to his USENIX paper in
RSA's "Cryptobytes" newsletter illustrating this. He notes that
using today's parts, the cost of goods for a cracker with an
expected search time of 2.5 days would be only $10K. That's about
the cost of a Hyundai :-). The one-time costs remain high, but
it would be interesting to see if the Internet could be harnessed
to provide aggregate brainpower as well as aggregated CPU power to
throw at the upfront one-time costs.
I keep thinking about the FPGA approach. Every time I get a new issue
of EE Times, it seems, there's a new ad from Altera or someone for parts
with even higher gate densities than the week before. Altera Flex 10Ks
are pretty cheap in quantity...
For that matter, is MOSIS still around? This could make a cool grad
student project :-)...
Amanda Walker
