ietf
[Top] [All Lists]

Re: [DNSOP] Practical issues deploying DNSSEC into the home.

2013-09-13 10:13:47
On 9/12/13 2:07 PM, "Ted Lemon" <Ted(_dot_)Lemon(_at_)nominum(_dot_)com> wrote:

On Sep 12, 2013, at 1:49 PM, "Dickson, Brian" 
<bdickson(_at_)verisign(_dot_)com>
wrote:
In order to subvert or redirect a delegation, the TLD operator (or
registrar) would need to change the DNS server name/IP, and replace the
DS
record(s).

Someone who possesses the root key could in principle create a fake DNS
hierarchy with relatively few strategic changes, and present it only to
certain attack targets.   This would be expensive, but not impossible.
It would not work, for example, for dragnet-style surveillance.

I presume the "This", in respect to "expensive, but not impossible",
refers to the creating the fake hierarchy.

And that it does not refer to "possesses", as in acquiring the root key.

(Pedantic probability math follows.)

Excluding the direct methods of acquisition, let us consider the level of
effort involved in recreating the root key, by brute force.

We are looking at the average time to find a prime factor of a two-prime
composite number of length 2048 bits, which places it in roughly the 1024
bit range.


===

First, for convenience, I'll give you all the time from the Big Bang until
today, rather than the 5 year KSK key-roll window.
(That's roughly 2^88 seconds.)

Next, I'll also give you a factor of 2^100 for improvements in crypto key
cracking vs prime sieve.

And I'll also give you low-power CPUs at current high-clock-rates. 1 Watt
per core, 2^32 instructions/second.

And I'll also give you 1 guess per clock cycle.

And we'll go with an average prime density of 1/10 (1/(2^4) for LoE
purposes).


I'll now give you all the energy output from Sol, via a Dyson shell (solid
Dyson sphere around our sun, capturing all the energy released), about
3.846 × 1026 Watts, or 2^89 (rounding up to next power of 2). We'll ignore
the age difference of Sol (4.5 B vs 15 B).

There are maybe 10^24 stars, or 2^80. You can have them all.

Even if the vast majority of those were as big as it gets for main
sequence, ie. 500,000 x solar mass, that is only 2^19. Yours, for free.

So, putting a Dyson shell around every star, that has ever been, for all
time up until now, powering as many 1 W cpu cores at 4GHz as possible,
would have produced about enough guesses to cover the range of 2 through
2^(100 + 88 + 89 + 32 + 80 + 4 + 19), or 2^(412).

You would have had to been really lucky to guess one of the prime
components (I.e. to get the private key) -- 1/2^(812), or about 1/10^244.

That is one chance in:
100000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000

(Or, with commas, 
10,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,
000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000
,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,00
0,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,0
00,000,000,000,000,000,000.)

So, in short, "not impossible" would have to be considered an
extraordinary understatement.


And, if you happened to be that lucky, then yes, expensive but not
impossible.

Brian


<Prev in Thread] Current Thread [Next in Thread>