Let's break this down clearly—this is a common point of confusion when navigating crypto security benchmarks, so I’ll walk through both parts with real-world context and standard industry reasoning.

1. The Rationale for Labeling 112-bit Algorithms Weak #

The core issue boils down to shifting computational capabilities and evolving security standards:

• Industry baseline has moved: Over the last 20 years, the minimum accepted secure symmetric key length has jumped from 80-bit to 128-bit. Groups like NIST now flag 112-bit security as insufficient for long-term protection, since it can’t withstand large-scale distributed computing or emerging quantum threats.
• Quantum computing vulnerability: For symmetric cryptography, Grover’s Algorithm (a quantum computing technique) cuts the brute-force complexity in half—turning 2^112 into 2^56. We already know 56-bit keys are trivial to crack with classical hardware, so this makes 112-bit keys fundamentally unfit for future-proof systems.
• Classical hardware keeps getting better: Even with off-the-shelf GPUs or specialized ASICs, the 2^112 key space (about 5.2e33 possible keys) is no longer unassailable. Distributed clusters of these devices can make meaningful progress against this space in a timeframe that’s strategically or commercially relevant (think: decades, not millennia).

2. Realistic Brute-Force Crack Times for 112-bit Algorithms #

The exact time depends entirely on the hardware used, but here are practical scenarios:

• High-end consumer GPUs: A card like the RTX 4090 can do roughly 1 trillion (10^12) key checks per second for symmetric algorithms. At that rate, cracking a 112-bit key would take ~5.2e21 seconds, or about 164 trillion years. That sounds impossible, but this assumes a pure brute-force attack on a well-designed 112-bit algorithm.
• Specialized ASICs: Purpose-built cracking hardware (similar to Bitcoin mining rigs) can push this to 1 quadrillion (10^18) operations per second. Now the time drops to ~5.2e15 seconds, or about 164 million years. Still a long time, but when you scale to thousands of these ASICs in a distributed network, the timeframe shrinks significantly.
• Critical caveat for specific algorithms: Not all "112-bit" algorithms are created equal. Take 3DES, for example—it uses three 56-bit keys (marketed as 112-bit effective strength) but is vulnerable to meet-in-the-middle attacks. This reduces the effective cracking complexity to 2^56, which a modern ASIC could crack in hours or even minutes. That’s why 3DES is widely considered obsolete today.

Remember: "reasonable" crack time is context-dependent. A government or large organization might view a decade-long attack as feasible for strategic goals, while consumers care about attacks that can be done in days or weeks. Either way, 112-bit fails to meet the current standard for secure, future-ready cryptography.

内容的提问来源于stack exchange，提问作者Nitin_Ramesh