How much compute power can be bought for a mean lifetime income spent all at once?
Consider the mean net present value of lifetime individual income. How much compute power can be bought (from cloud compute services) right now for that amount of money? What cryptography can be broken with that amount of compute power?
Let this be a rough estimate of the minimum cryptographic security you should make any system. Threat model: lone wolf attacker, making comfortably more than the mean income, who for possibly random reasons chooses to make it their life's work to attack your system.
Maybe instead of mean income, the value of (99th percentile lifetime income)-(50th percentile lifetime income): a lone-wolf 1-percenter is willing to drop to median income to attack your system.
We focus on individual attackers because once you start considering a coordinated group of attackers, then, as an extreme such group, you would need to consider a nation-state, or an entity with equivalent resources (e.g., Google), attacking your system. It's generally considered pointless for civilians to try to defend against them.
If you want your system to be secure for longer than just "now", you also need to account for compute power getting cheaper over the desired security lifetime of your system.
No comments :
Post a Comment