Q: 128-bit Encryption ( Answered 5 out of 5 stars,   6 Comments )
Question  
Subject: 128-bit Encryption
Category: Computers > Security
Asked by: probonopublico-ga
List Price: $5.00
Posted: 14 Sep 2003 00:47 PDT
Expires: 14 Oct 2003 00:47 PDT
Question ID: 255635
If 128-bit Encryption is secure enough for our financial
e-transactions, then is it not likely that the ungodly will use it for
their own nefarious purposes and, if so, can we be confident that the
Men-in-Black at Fort Meade and Cheltenham can break the encryption
with ease?

Request for Question Clarification by ephraim-ga on 14 Sep 2003 07:17 PDT
Probonopublico,

Would you accept data regarding the strength of 128-bit encryption as
an answer? Do I need to make specific reference to "Fort Meade and
Cheltenham" or are you just looking for general information about
encryption strength?

/ephraim

Clarification of Question by probonopublico-ga on 14 Sep 2003 08:28 PDT
Hi, Ephraim

Just do your stuff!

I think I know the answer but I would like an expert's view ...

Thanks & regards

Bryan
Answer  
Subject: Re: 128-bit Encryption
Answered By: ephraim-ga on 14 Sep 2003 18:05 PDT
Rated:5 out of 5 stars
 
Bryan,

It's not just the number of bits that's important to understand the
strength of encryption, but also the encryption algorithm as well. The
most common encryption algorithm in use for electronic transactions
which use web browsers on the internet is RC4, developed by Ron Rivest
of RSA Labs.

Web browsers use a technology called SSL (Secure Socket Layer),
developed by Netscape, to communicate securely. "The SSL protocol is
able to negotiate encryption keys as well as authenticate the server
before data is exchanged by the higher-level application. The SSL
protocol maintains the security and integrity of the transmission
channel by using encryption, authentication and message authentication
codes," according to RSA Lab's FAQ at [
http://www.rsasecurity.com/rsalabs/faq/5-1-2.html ]. SSL can support
many different encryption algorithms, but one of the most common in
current use is one called RC4.

As a sidenote, I'd recommend reading RSA Lab's FAQ in its entirety, if
you get the chance. While one of its main purposes is to explain their
products, it does give a superb introduction to cryptography for the
layman (though just a bit of university-level mathematics is useful in
understanding everything). You can find the menu for the FAQ at [
http://www.rsasecurity.com/rsalabs/faq/sections.html ]. If you have
extensive amounts of free time on your hands and want to read even
more about cryptography, you can spend quite a bit of time parsing the
Cryptography FAQ at [ http://www.faqs.org/faqs/cryptography-faq/ ].


If you've decided to not read those FAQs, then I'll continue here with
an explanation of the bit-length of keys. (If you actually did read
all that, then get yourself a nice strong drink to deal with the
headache all that information overload must have caused, and then
continue here.)

Fortify.net provides software which improves US "export-grade"
encryption to safer standards. (US export law has been relaxed over
the years, so 128-bit is now standard, according to the fortify.net
FAQ.) Their FAQ page has a great explanation over the difference
between 40-bit encryption (the old, very insecure, export-grade
standard) and 128-bit encryption. According to [
http://www.fortify.net/README_main.html#confused ],

Another sidenote: Better encryption standards could not be exported
because the US Gov't considered them "munitions" just like nuclear
weapons. (OK, I'm oversimplifying things a bit, but you get the basic
idea.)

"What's all this about RSA/RC4/40-bits/512-bits/symmetric keys? I'm
confused.

To cut a long story short, there are two types of keys used by
Netscape. One is a "secret key", which encrypts and decrypts your
transmitted data. The secret key is generally between 40 and 168 bits
in size, depending on the cipher involved."

The FAQ continues:

"How strong is a 40 bit secret key anyway?

It is feeble.

Netscape Communications peg the computation effort to exhaustively
search a 40 bit key at approximately 64 MIPS-years (MIPS = millions of
instructions per second). This means that it would take a 1 MIPS
computer 64 years to find a 40 bit key value. A 64 MIPS computer would
take one year to do the same task. Two such computers would need 6
months of computation. And so on.

Digital Equipment Corporation announced in July 1996 a version of its
64-bit Alpha 21164 RISC chip that is capable of 2000 MIPS. Hook
together, say, four CPUs of this power, and you have a machine that
can exhaustively search a 40-bit key space in (64 * 365) / (2000 * 4)
= 2.92 days. On average, a key search will reach its goal in half the
maximum search time, i.e. 1.46 days. This is a crude example. The
inescapable conclusion is that large corporations, governments, and
intelligence agencies already have the ability to break 40-bit keys in
real-time. The encryption is transparent - like using glass windows
against a peeping tom."


Here's a layman's summary of the above, in case you need one:

* 40-bit encryption was the old standard which was the best encryption
US companies were allowed to export at that time.

* In 1996, a computer existed which could crack a 40-bit key in
a maximum of less than 3 days, and would usually take about 1.5 days
to solve the puzzle.

* Conclusion: If you protect your financial records with a 40-bit key,
I sincerely hope that you have huge amounts of insurance and
immeasurable time to clean up the mess afterwards.


So, I've given you a baseline of the old 40-bit encryption standard.
So, how much stronger is 128-bit encryption? Netscape, which pioneered
the SSL standard, provides us with the answer at [
http://help.netscape.com/kb/consumer/19971208-6.html ].

"What is the difference between 128-bit and 40-bit encryption?

Answer:

The main difference is that 128-bit encryption provides a
significantly greater amount of cryptographic protection than 40-bit
encryption. With the increasing computing power of potential
criminals, it is becoming more necessary to employ larger keys, as
evidenced by a recent study by several leading cryptographers.

In terms of what the numbers represent, "128" and "40" bit encryption
refer to the size of the key used to encrypt the message. Roughly
speaking, 128-bit encryption is 309,485,009,821,345,068,724,781,056
times stronger than 40-bit encryption. Presently, 40-bit encryption is
not considered "strong" security in the cryptographic community.
However, even taking into account Moore's Law, which states that
computing power doubles about every 18 months, 128-bit encryption
represents a very strong method of encryption for the foreseeable
future.

Note:
Netscape products use a different key for every different
security-enhanced communication, regardless of key size. This means
that even if criminals were to devote significant resources and time
toward breaking a key for one encrypted communication, the discovered
key would be useless for other communications."


So, how many days on average does it take to crack the 128-bit
encryption of your web browser? 1.5 days multiplied by that insanely
huge number above.

Another point I'd like to highlight is the note at the end of this
quote. Even if a cracker gets lucky and finds the key for a single
communication, this has no bearing on his ability to get lucky and
find the key for every other communication, because each separate
communication uses a different key!


Finally, I'd like to point you at a project that attempts to use the
latest computer technology to break various encryption algorithms.
This project allows us to see in real time the balance between
ever-stronger computers and current encryption standards. It's called
Distributed.net and it allows users all over the internet to plug the
power of their individual computers into one enormous net-computer for
the purpose of breaking encryption. You can find the project's website
at [ http://www.distributed.net/ ], if you'd like to join in on the
fun.

And if you find that you really enjoy letting your computer run random
distributed computer projects, feel free to join the search for
extra-terrestrial aliens and get a cool screen saver in the process: [
http://setiathome.ssl.berkeley.edu/ ].

I hope I've managed to answer your question. Please ask for
clarification as needed.

/ephraim


Search Strategy:

[ http://search.netscape.com/nscp_results.adp?source=NSCPTop&query=%22128%20bit%22%20%2240%20bit%22%20encryption%20netscape&x=0&y=0
]
Netscape Search powered by Google: "128 bit" "40 bit" encryption
netscape

[ ://www.google.com/search?as_q=128+bit&num=100&hl=en&ie=UTF-8&oe=UTF-8&btnG=Google+Search&as_epq=encryption+faq&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=&safe=images
]
Google Search: 128 bit "encryption faq"

[ ://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&as_qdr=all&q=%22128+bit%22+%22cryptography+faq%22&btnG=Google+Search
]
Google Search: "cryptography faq" "128 bit"

Clarification of Answer by ephraim-ga on 14 Sep 2003 18:21 PDT
Bryan,

I just wanted to clarify one of my comments above:

"So, how many days on average does it take to crack the 128-bit
encryption of your web browser? 1.5 days multiplied by that insanely
huge number above."

This would be true on the 1996 computer described in the original
example of 40-bit encryption. By today's computing standards, a 40-bit
key could be cracked in a fraction of the time of the 1996 example.
But that insanely huge number is still insanely huge, and even if our
computers today were 1000 times faster, it wouldn't make a difference!

/ephraim
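
The arithmetic in the answer and clarification above, carried through as an added example (not part of the original answer or of the FAQs it quotes). The constants are the figures quoted on this page; the function names, and the assumption that one key trial costs the same at every key size, are this example's own.

```python
"""Brute-force key-search scaling, using the figures quoted in the answer."""
from fractions import Fraction
import math

# Figures taken from the FAQ text quoted in the answer.
BASELINE_BITS = 40            # key size the 64 MIPS-years estimate refers to
BASELINE_MIPS_YEARS = 64      # effort to search the whole 40-bit key space
ALPHA_MIPS = 2000             # one 1996 Alpha 21164 CPU
DOUBLING_YEARS = 1.5          # Moore's Law as stated: doubles every 18 months


def keyspace_ratio(bits, baseline_bits=BASELINE_BITS):
    """How many times more keys a `bits`-bit key has than the baseline."""
    if bits < baseline_bits:
        raise ValueError("key size below the baseline is not modelled")
    return 2 ** (bits - baseline_bits)


def full_search_days(bits, machine_mips):
    """Days to try every key (worst case) on a machine of the given speed.

    Assumption: one key trial costs the same at every key size, so effort
    scales only with the number of keys.
    """
    mips_years = BASELINE_MIPS_YEARS * keyspace_ratio(bits)
    return Fraction(mips_years * 365, machine_mips)


def average_search_days(bits, machine_mips):
    """On average the key turns up halfway through the search."""
    return full_search_days(bits, machine_mips) / 2


def moore_years_until(bits, machine_mips, target_days):
    """Years of Moore's Law doubling before a full search fits target_days."""
    today = full_search_days(bits, machine_mips)
    if today <= target_days:
        return 0.0
    return math.log2(float(today / target_days)) * DOUBLING_YEARS


if __name__ == "__main__":
    rig = 4 * ALPHA_MIPS      # the four-CPU machine from the quoted FAQ
    for bits in (40, 56, 64, 128):
        days = full_search_days(bits, rig)
        wait = moore_years_until(bits, rig, full_search_days(40, rig))
        print(f"{bits:>3}-bit: {float(days):.3g} days worst case; "
              f"{wait:.0f} years of doubling to match 40-bit in 1996")
```

At the quoted doubling rate, the 88 extra key bits correspond to 132 years of hardware growth before the same four-CPU budget searches a 128-bit key space in 2.92 days. The model covers exhaustive search only; it says nothing about weaknesses in a cipher or in how it is deployed.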

Clarification of Answer by ephraim-ga on 14 Sep 2003 18:50 PDT
Uh, oh.

Upon re-reading your question (I'm one of those who tends to read and
re-read my answers even after they're posted), I've suddenly realized
that I may have completely mis-interpreted your question.

If I've provided the answer you wanted, please let me know.

If I have not, then please clarify, and advise as to whether you'd
like me to have my answer completely pulled, or if you'd prefer that I
just provide the information that's missing.

/ephraim

Request for Answer Clarification by probonopublico-ga on 14 Sep 2003 21:21 PDT
Hi, Ephraim

This is NOT a request ... Just a BIG THANK YOU.

I've glanced through your reply and it seems STELLAR (This means that
it deserves more stars than there are in the GA-laxy.)

However, I must have my brekkie first and a shower and take Daisy for
a walkie before I read your answer ...

I hope you can stand the excitement.

Kindest regards

Bryan

Clarification of Answer by ephraim-ga on 14 Sep 2003 21:47 PDT
Bryan,

Thanks for letting me know that I got it right...I realized afterwards
that you may have also wanted to know whether or not encryption could
be used for illegal activity and how easy that activity is to
detect. (I can supply you with an answer about this as well, btw.)

Just one curiosity point from me: I'm listening to your accent, and
having trouble discerning whether you prefer VB, MB, or XXXX. Please
advise.

/ephraim

Request for Answer Clarification by probonopublico-ga on 14 Sep 2003 23:06 PDT
Hi, Again, Ephraim.

Only just saw your last posting ...

QUOTE

I realized afterwards that you may have also wanted to know whether or
not encryption could be used for illegal activity and how easy that
activity is to detect. (I can supply you with an answer about this as
well, btw.)
 
END QUOTE

YES, please! (Would you like a Supplementary?)

QUOTE

Just one curiosity point from me: I'm listening to your accent, and
having trouble discerning whether you prefer VB, MB, or XXXX. Please
advise.

END QUOTE

You've lost me ... VB, MB, or XXXX ???? ... Obviously in code and I
guess probably only 2-bit .... just to test me out?

Well, I'm stumped ... that's an English expression derived from
cricket ... Now, I bet that's fooled you, too .... Right?

Clarification of Answer by ephraim-ga on 14 Sep 2003 23:21 PDT
Bryan,

By "supplementary," do you mean by posting it as another question?
If you consider it an integral part of this question, let me know and
I'll give you a quick answer here. If you want something more complex,
then post it as a separate question (and put it to the attention of a
specific researcher, if you don't want it answered by the general
public).

As far as "VB, MB, or XXXX," they're beers. And if you aren't familiar
with them, I guessed wrong. :-) The word "brekkie" threw me off. Don't
worry about it.

/ephraim

Request for Answer Clarification by probonopublico-ga on 14 Sep 2003 23:35 PDT
Hi, Ephraim

Please see 255953.

Bryan

Clarification of Answer by ephraim-ga on 15 Sep 2003 09:49 PDT
Your other related question has also been answered.

Regards and thanks for the tip!

/ephraim
probonopublico-ga rated this answer:5 out of 5 stars and gave an additional tip of: $10.00
Wow, Ephraim, Many, Many Thanks.

You've delivered all that I asked and more ... and I haven't even got
round to reading the links yet .... but I will.

Now, it's your turn for some champagne ... You deserve it.

Kindest regards

Bryan

Comments  
Subject: Re: 128-bit Encryption
From: highnoon-ga on 05 Oct 2003 20:59 PDT
 
Can there be a product out there that encrypts more than 128 bits?

In my search I found this product that has the following
specification:

Strong security software solution for:
Network Security
Computer Security 
Internet Security 
Hard Disk Security 
Secure EMail

One-Time Pad - Keys are used only once for any message and then
destroyed. True One-Time Pad operation. The only keys considered
totally unbreakable

Selectable Key size up to 2048 bits (in 8 bit blocks)
Exceeds RSA's recommended minimum secure key length of 768 bits
Even stronger than US military specs of 1344 bits

Authentication using selectable hashing algorithms
Secure Hashing Algorithm (SHA-1) - 160 bits
Message Digest 5 (MD5) - 128 bits

Fast Streaming Cipher
RC4 Streaming cipher - widely used in commercial applications
including the Internet SSL, Microsoft Windows and Oracle SQL
Period of cipher greater than 2^1700 power

Totally Random Key Generation
No pseudo-random keys – All keys are generated from natural random
noise:

Radio signals from the stars
Radioactive Decay
Thermal noise 


I am uncertain how true that is.

You can read more at
http://www.willthegeek.com/features.htm
Subject: Re: 128-bit Encryption
From: probonopublico-ga on 05 Oct 2003 21:46 PDT
 
Interesting Comment, HighNoon ...

Many thanks.

Curiously, when I took my shopping cart to the checkout, I was asked
for my CC details on a 'non-secure' page.

I found that bizarre on a site that was offering security solutions.

Bryan
Subject: Re: 128-bit Encryption
From: wwg-ga on 01 Jul 2004 13:47 PDT
 
Cryptographic security is a complex question. You asked about key
sizes, for use with algorithms. And that's part of it. The AES
'break-off' project organized by NIST (formerly NBS) asked that each
submitted candidate be capable of using 3 key lengths and 128bits was
the shortest; the original request for submissions also asked for
several block lengths (ie, the size of the plaintext which is taken at
once and then repeated until there is no more plaintext). The chosen
encryption algorithm, now the Advanced Encryption Standard and
intended to replace DES (selected in 1976), is from Belgium. Several
of the submitted algorithms (and at least one of the 5 finalists) were
still more flexible in terms of variable key lengths and variable
block sizes.
 
But from a security viewpoint, much of the concern about key length is
misplaced. For good algorithm designs (how can one tell one has a good
one?), and for good implementations (same question), with randomly
selected keys (how can one tell?), and with sufficiently large keys
(just how long? - depends on the state of the current computing art
and on the attacker's resources, and on the type of algorithm), the
chief security problem is not really direct attacks on the algorithm
(the glamorous codebreaking bit), but auxiliary issues (often pretty
dreary unexciting stuff). NB: there are no good answers in practice to
any of the questions in parenthesis in this paragraph.

So, some very good algorithms are known to be vulnerable to particular
types of cryptanalytic attacks regardless of key length. So if the way
the cryptosystem (algorithms + protocols + user procedures) is used is
sloppy, information may become available to an attacker which will
permit one of the mentioned attacks against the encryption algorithm
used. Dumpster diving is a very low tech example as copies of printed
plaintexts (received or sent) or even disks (floppies, CDs, ...) with
the same are often foolishly discarded. Your cryptosystem may fail and
your secrets be revealed to the Bad Guys because someone was willing
to paddle among the banana peels and dig out your discards.

More disturbingly for you (though not for an attacker), most computers
used for cryptographic work are themselves insecure, so with a little
enterprise an attacker can even avoid all those peels. A virus (or
Trojan Horse) installed in the computer you're using can provide keys
(no matter how long or short), plaintexts, ... Indeed, everything.

Discarded hardware is often enough, if the attacker can wait for a
while. Some MIT students recently went on a yard sale buying spree and
bought discarded computers. They found the most amazing variety of
confidential information on their hard drives. Financial information,
private correspondence, identity information, ... NSA is said to
insist that all hard drives which once had secret material on them be
run through the computer equivalent of a tree chipper and then soaked
in acid or solvent or both before they can leave Ft Meade as land
fill. Peter Gutmann at the University of Auckland wrote a paper a few
years ago demonstrating that even overwritten data on hard drives
(including perhaps your keys, plaintexts, ...) is still readable. And
note that most operating systems DO NOT erase data, but merely add the
disk area used for a deleted file to the 'free to use' list. On a big
hard drive, that chunk of disk surface might not be reused for months,
or ever.

But even if you use, and properly configure, a better
operating system (ie, more secure) than the usual, and even if you
arrange that all deleted files are overwritten in the official DoD
manner (several times with carefully selected patterns of nonsense
data), and even if you choose your cryptosystem properly (good design,
good algorithms, properly implemented, ...), and even if you use it
properly, you may still have problems. In recent years, the British
Secret Service (that's James Bond's folks!) and the US State
Department are both publicly known to have lost portable computers
with secret information on them. I personally know of a tower type
machine used in a major teaching hospital cardio-thoracic surgery
department (no spy secrets probably, but lots of confidential patient
information) which was simply stolen right out of the hospital. It's
happened to quite a few large companies too. And then there's system
penetration (ie, password cracking or theft) -- no need to actually
touch a piece of actual hardware. Just make copies of information
(your keys, perhaps?) remotely.
 
In short, I'd say that key length (though it's important they be 'long
enough') isn't the biggest security problem in the modern era.

Perhaps this helps shed a little light on the overall problem?
Subject: Re: 128-bit Encryption
From: probonopublico-ga on 01 Jul 2004 21:53 PDT
 
Great Comment, wwg, Very many thanks.

I posted another Question which you may not have noticed (no one else did) ...

http://answers.google.com/answers/threadview?id=367133

As you will see, I 'expired' it to prevent it dying a death ...

However, if you have a Comment, please post it here.

Kindest regards

Bryan
Subject: Re: 128-bit Encryption, (Gray code paraphrase)
From: wwg-ga on 28 Jul 2004 08:52 PDT
 
Like any code, the Gray code used by the US State Dept did not
directly provide for every possible meaning in a message. An example
is the Zimmermann Telegram in which, there being no code word meaning
Arizona, it was necessary to spell it out. When there is not an exact
code word, one must improvise (ie, paraphrase). When improvising it is
possible, as you note, to get the meaning intended slightly off.
Insisting on a close paraphrase presumably was intended to limit those
with poetic imaginations from soaring too freely into confusing
precis.

As for cryptanalytic consequence, you are correct in principle. During
WWII, the folks at Bletchley Park were very pleased to discover
'cribs' (ie, bits of plaintext) by guess or habit. One German station
was bored, and said so each morning in identical language for an
extended period of time. BP even arranged for some 'gardening' to
evoke some cribs when they needed them. In the case of a code (the
Enigma that BP worked on was a cypher machine), the technical problem
is somewhat different, but the principle is identical. If you know
that some message discusses the Ambassador's indiscretion at the ball,
a paraphrase mentioning Mr Jones' mistake (when Jones is the Amb)
might be enough to uncover the meaning of an additional code group
or a few.

This is not (quite) the same thing as sending one message in code A
and then repeating it in code B, for this situation may provide a
break into previously blacked out code B if the repetition is
suspected.

After all, anything, including the personal history of an Embassy code
clerk (ie, a girl friend's name or initials) may be significant in
cryptanalysis (and has been). Hope this illuminates some of your
question.

ww
Subject: Re: 128-bit Encryption
From: probonopublico-ga on 28 Jul 2004 09:22 PDT
 
Hi, wwg

Very many thanks for finding me here and giving me your thoughts on
'paraphrasing' the Gray Code.

This is much appreciated.

All the Best

Bryan
