Subject: 128-bit Encryption
Category: Computers > Security
Asked by: probonopublico-ga
List Price: $5.00
Posted: 14 Sep 2003 00:47 PDT
Expires: 14 Oct 2003 00:47 PDT
Question ID: 255635
If 128-bit Encryption is secure enough for our financial e-transactions, then is it not likely that the ungodly will use it for their own nefarious purposes and, if so, can we be confident that the Men-in-Black at Fort Meade and Cheltenham can break the encryption with ease?
Subject: Re: 128-bit Encryption
Answered By: ephraim-ga on 14 Sep 2003 18:05 PDT

Bryan,

It's not just the number of bits that's important to understand the strength of encryption, but also the encryption algorithm as well. The most common encryption algorithm in use for electronic transactions which use web browsers on the internet is RC4, developed by Ron Rivest of RSA Labs.

Web browsers use a technology called SSL (Secure Socket Layer), developed by Netscape, to communicate securely. "The SSL protocol is able to negotiate encryption keys as well as authenticate the server before data is exchanged by the higher-level application. The SSL protocol maintains the security and integrity of the transmission channel by using encryption, authentication and message authentication codes," according to RSA Lab's FAQ at [ http://www.rsasecurity.com/rsalabs/faq/5-1-2.html ]. SSL can support many different encryption algorithms, but one of the most common in current use is one called RC4.

As a sidenote, I'd recommend reading RSA Lab's FAQ in its entirety, if you get the chance. While one of its main purposes is to explain their products, it does give a superb introduction to cryptography for the layman (though just a bit of university-level mathematics is useful in understanding everything). You can find the menu for the FAQ at [ http://www.rsasecurity.com/rsalabs/faq/sections.html ]. If you have extensive amounts of free time on your hands and want to read even more about cryptography, you can spend quite a bit of time parsing the Cryptography FAQ at [ http://www.faqs.org/faqs/cryptography-faq/ ].

If you've decided to not read those FAQs, then I'll continue here with an explanation of the bit-length of keys. (If you actually did read all that, then get yourself a nice strong drink to deal with the headache all that information overload must have caused, and then continue here.)

Fortify.net provides software which improves US "export-grade" encryption to safer standards.
(US export law has been relaxed over the years, so 128-bit is now standard, according to the fortify.net FAQ.) Their FAQ page has a great explanation over the difference between 40-bit encryption (the old, very insecure, export-grade standard) and 128-bit encryption. According to [ http://www.fortify.net/README_main.html#confused ],

Another sidenote: Better encryption standards could not be exported because the US Gov't considered them "munitions" just like nuclear weapons. (OK, I'm oversimplifying things a bit, but you get the basic idea.)

"What's all this about RSA/RC4/40-bits/512-bits/symmetric keys? I'm confused.

To cut a long story short, there are two types of keys used by Netscape. One is a "secret key", which encrypts and decrypts your transmitted data. The secret key is generally between 40 and 168 bits in size, depending on the cipher involved."

The FAQ continues:

"How strong is a 40 bit secret key anyway?

It is feeble. Netscape Communications peg the computation effort to exhaustively search a 40 bit key at approximately 64 MIPS-years (MIPS = millions of instructions per second). This means that it would take a 1 MIPS computer 64 years to find a 40 bit key value. A 64 MIPS computer would take one year to do the same task. Two such computers would need 6 months of computation. And so on. Digital Equipment Corporation announced in July 1996 a version of its 64-bit Alpha 21164 RISC chip that is capable of 2000 MIPS. Hook together, say, four CPUs of this power, and you have a machine that can exhaustively search a 40-bit key space in (64 * 365) / (2000 * 4) = 2.92 days. On average, a key search will reach its goal in half the maximum search time, i.e. 1.46 days. This is a crude example. The inescapable conclusion is that large corporations, governments, and intelligence agencies already have the ability to break 40-bit keys in real-time. The encryption is transparent - like using glass windows against a peeping tom."

Here's a layman's summary of the above, in case you need one:

* 40-bit encryption was the old standard which was the best encryption US companies were allowed to export at that time.
* In 1996, a computer existed which could crack a 40-bit key in a maximum of less than 3 days, and would usually take about 1.5 days to solve the puzzle.
* Conclusion: If you protect your financial records with a 40-bit key, I sincerely hope that you have huge amounts of insurance and immeasurable time to clean up the mess afterwards.

So, I've given you a baseline of the old 40-bit encryption standard. So, how much stronger is 128-bit encryption? Netscape, which pioneered the SSL standard, provides us with the answer at [ http://help.netscape.com/kb/consumer/19971208-6.html ].

"What is the difference between 128-bit and 40-bit encryption?

Answer: The main difference is that 128-bit encryption provides a significantly greater amount of cryptographic protection than 40-bit encryption. With the increasing computing power of potential criminals, it is becoming more necessary to employ larger keys, as evidenced by a recent study by several leading cryptographers.

In terms of what the numbers represent, "128" and "40" bit encryption refer to the size of the key used to encrypt the message. Roughly speaking, 128-bit encryption is 309,485,009,821,345,068,724,781,056 times stronger than 40-bit encryption. Presently, 40-bit encryption is not considered "strong" security in the cryptographic community. However, even taking into account Moore's Law, which states that computing power doubles about every 18 months, 128-bit encryption represents a very strong method of encryption for the foreseeable future.

Note: Netscape products use a different key for every different security-enhanced communication, regardless of key size.
This means that even if criminals were to devote significant resources and time toward breaking a key for one encrypted communication, the discovered key would be useless for other communications."

So, how many days on average does it take to crack the 128-bit encryption of your web browser? 1.5 days multiplied by that insanely huge number above.

Another point I'd like to highlight is the note at the end of this quote. Even if a cracker gets lucky and finds the key for a single communication, this has no bearing on his ability to get lucky and find the key for every other communication, because each separate communication uses a different key!

Finally, I'd like to point you at a project that attempts to use the latest computer technology to break various encryption algorithms. This project allows us to see in real time the balance between ever-stronger computers and current encryption standards. It's called Distributed.net and it allows users all over the internet to plug the power of their individual computers into one enormous net-computer for the purpose of breaking encryption. You can find the project's website at [ http://www.distributed.net/ ], if you'd like to join in on the fun.

And if you find that you really enjoy letting your computer run random distributed computer projects, feel free to join the search for extra-terrestrial aliens and get a cool screen saver in the process: [ http://setiathome.ssl.berkeley.edu/ ].

I hope I've managed to answer your question. Please ask for clarification as needed.

/ephraim

Search Strategy:

[ http://search.netscape.com/nscp_results.adp?source=NSCPTop&query=%22128%20bit%22%20%2240%20bit%22%20encryption%20netscape&x=0&y=0 ]
Netscape Search powered by Google: "128 bit" "40 bit" encryption netscape

[ ://www.google.com/search?as_q=128+bit&num=100&hl=en&ie=UTF-8&oe=UTF-8&btnG=Google+Search&as_epq=encryption+faq&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=&safe=images ]
Google Search: 128 bit "encryption faq"

[ ://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&as_qdr=all&q=%22128+bit%22+%22cryptography+faq%22&btnG=Google+Search ]
Google Search: "cryptography faq" "128 bit"
probonopublico-ga rated this answer: and gave an additional tip of: $10.00

Wow, Ephraim,

Many, Many Thanks. You've delivered all that I asked and more ... and I haven't even got round to reading the links yet .... but I will. Now, it's your turn for some champagne ... You deserve it.

Kindest regards

Bryan
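
The key-search arithmetic quoted in the answer above, carried through as an added example (not part of the original thread or of any FAQ it cites): it scales the quoted 64 MIPS-year estimate for a 40-bit key to other key lengths and applies the 18-month doubling from the Netscape quote. The function names, and the simplification that one key trial costs the same at every key length, are assumptions of this example.

```python
"""Brute-force key-search cost model built from the figures quoted in the answer."""
from fractions import Fraction

BASELINE_BITS = 40
BASELINE_MIPS_YEARS = 64               # quoted estimate for a 40-bit key
MACHINE_MIPS = 4 * 2000                # four 2000-MIPS CPUs, as in the quote
MOORE_DOUBLING_YEARS = Fraction(3, 2)  # "doubles about every 18 months"


def strength_ratio(bits, baseline_bits=BASELINE_BITS):
    """How many times larger the keyspace is than the baseline keyspace."""
    return 2 ** (bits - baseline_bits)


def search_days(bits, mips=MACHINE_MIPS):
    """Return (worst_case_days, average_days) for an exhaustive search.

    Assumption of this example: one key trial costs the same number of
    instructions at every key length, so work scales only with keyspace.
    """
    mips_years = BASELINE_MIPS_YEARS * strength_ratio(bits)
    worst = Fraction(mips_years * 365, mips)
    return worst, worst / 2


def years_until_feasible(bits, budget_days, mips=MACHINE_MIPS):
    """Years of 18-month doublings before the average search fits the budget."""
    _, average = search_days(bits, mips)
    doublings = 0
    while average > budget_days:
        average /= 2
        doublings += 1
    return float(doublings * MOORE_DOUBLING_YEARS)


if __name__ == "__main__":
    budget = search_days(BASELINE_BITS)[1]  # 1.46 days, the 40-bit average
    for bits in (40, 56, 64, 128):
        worst, average = search_days(bits)
        print(f"{bits:>3}-bit: x{strength_ratio(bits):<28} "
              f"worst {float(worst):.3g} d, average {float(average):.3g} d, "
              f"{years_until_feasible(bits, budget):g} years of doubling")
```

Under these assumptions the 128-bit average search only comes down to the 40-bit figure of 1.46 days after 88 doublings of computing power, which at 18 months each is 132 years; the model covers exhaustive search only.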
Subject: Re: 128-bit Encryption
From: highnoon-ga on 05 Oct 2003 20:59 PDT

Can there be a product out there that encrypts more than 128 bits? In my search I found this product that has the following specification:

Strong security software solution for:
* Network Security
* Computer Security
* Internet Security
* Hard Disk Security
* Secure EMail

One-Time Pad
* Keys are used only once for any message and then destroyed.
* True One-Time Pad operation.
* The only keys considered totally unbreakable

Selectable Key size up to 2048 bits (in 8 bit blocks)
* Exceeds RSA's recommended minimum secure key length of 768 bits
* Even stronger than US military specs of 1344 bits

Authentication using selectable hashing algorithms
* Secure Hashing Algorithm (SHA-1) - 160 bits
* Message Digest 5 (MD5) - 128 bits

Fast Streaming Cipher
* RC4 Streaming cipher - widely used in commercial applications including the Internet SSL, Microsoft Windows and Oracle SQL
* Period of cipher greater than 2^1700 power

Totally Random Key Generation
* No pseudo-random keys
* All keys are generated from natural random noise:
  * Radio signals from the stars
  * Radioactive Decay
  * Thermal noise

I am uncertain how true is that. You can read more at http://www.willthegeek.com/features.htm
Subject: Re: 128-bit Encryption
From: probonopublico-ga on 05 Oct 2003 21:46 PDT

Interesting Comment, HighNoon ... Many thanks.

Curiously, when I took my shopping cart to the checkout, I was asked for my CC details on a 'non-secure' page. I found that bizarre on a site that was offering security solutions.

Bryan
Subject: Re: 128-bit Encryption
From: wwg-ga on 01 Jul 2004 13:47 PDT

Cryptographic security is a complex question. You asked about key sizes, for use with algorithms. And that's part of it. The AES 'break-off' project organized by NIST (formerly NBS) asked that each submitted candidate be capable of using 3 key lengths and 128 bits was the shortest; the original request for submissions also asked for several block lengths (ie, the size of the plaintext which is taken at once and then repeated until there is no more plaintext). The chosen encryption algorithm, now the Advanced Encryption Standard and intended to replace DES (selected in 1976), is from Belgium. Several of the submitted algorithms (and at least one of the 5 finalists) were still more flexible in terms of variable key lengths and variable block sizes.

But from a security viewpoint, much of the concern about key length is misplaced. For good algorithm designs (how can one tell one has a good one?), and for good implementations (same question), with randomly selected keys (how can one tell?), and with sufficiently large keys (just how long? - depends on the state of the current computing art and on the attacker's resources, and on the type of algorithm), the chief security problem is not really direct attacks on the algorithm (the glamorous codebreaking bit), but auxiliary issues (often pretty dreary unexciting stuff). NB: there are no good answers in practice to any of the questions in parentheses in this paragraph.

So, some very good algorithms are known to be vulnerable to particular types of cryptanalytic attacks regardless of key length. So if the way the cryptosystem (algorithms + protocols + user procedures) is used is sloppy, information may become available to an attacker which will permit one of the mentioned attacks against the encryption algorithm used. Dumpster diving is a very low tech example as copies of printed plaintexts (received or sent) or even disks (floppies, CDs, ...) with the same are often foolishly discarded.
Your cryptosystem may fail and your secrets be revealed to the Bad Guys because someone was willing to paddle among the banana peels and dig out your discards.

More disturbingly for you (though not for an attacker), most computers used for cryptographic work are themselves insecure, so with a little enterprise an attacker can even avoid all those peels. A virus (or Trojan Horse) installed in the computer you're using can provide keys (no matter how long or short), plaintexts, ... Indeed, everything.

Discarded hardware is often enough, if the attacker can wait for a while. Some MIT students recently went on a yard sale buying spree and bought discarded computers. They found the most amazing variety of confidential information on their hard drives. Financial information, private correspondence, identity information, ... NSA is said to insist that all hard drives which once had secret material on them be run through the computer equivalent of a tree chipper and then soaked in acid or solvent or both before they can leave Ft Meade as land fill. Peter Gutmann at the University of Auckland wrote a paper a few years ago demonstrating that even overwritten data on hard drives (including perhaps your keys, plaintexts, ...) is still readable. And note that most operating systems DO NOT erase data, but merely add the disk area used for a deleted file to the 'free to use' list. On a big hard drive, that chunk of disk surface might not be reused for months, or ever.

But even if you use, and properly configure, a better operating system (ie, more secure) than the usual, and even if you arrange that all deleted files are overwritten in the official DoD manner (several times with carefully selected patterns of nonsense data), and even if you choose your cryptosystem properly (good design, good algorithms, properly implemented, ...), and even if you use it properly, you may still have problems. In recent years, the British Secret Service (that's James Bond's folks!)
and the US State Department are both publicly known to have lost portable computers with secret information on them. I personally know of a tower type machine used in a major teaching hospital cardio-thoracic surgery department (no spy secrets probably, but lots of confidential patient information) which was simply stolen right out of the hospital. It's happened to quite a few large companies too.

And then there's system penetration (ie, password cracking or theft) -- no need to actually touch a piece of actual hardware. Just make copies of information (your keys, perhaps?) remotely.

In short, I'd say that key length (though it's important they be 'long enough') isn't the biggest security problem in the modern era.

Perhaps this helps shed a little light on the overall problem?
Subject: Re: 128-bit Encryption
From: probonopublico-ga on 01 Jul 2004 21:53 PDT

Great Comment, wwg, Very many thanks.

I posted another Question which you may not have noticed (no one else did) ... http://answers.google.com/answers/threadview?id=367133

As you will see, I 'expired' it to prevent it dying a death ... However, if you have a Comment, please post it here.

Kindest regards

Bryan
Subject: Re: 128-bit Encryption, (Gray code paraphrase)
From: wwg-ga on 28 Jul 2004 08:52 PDT

Like any code, the Gray code used by the US State Dept did not directly provide for every possible meaning in a message. An example is the Zimmermann Telegram in which, there being no code word meaning Arizona, it was necessary to spell it out. When there is not an exact code word, one must improvise (ie, paraphrase). When improvising it is possible, as you note, to get the meaning intended slightly off. Insisting on a close paraphrase presumably was intended to limit those with poetic imaginations from soaring too freely into confusing precis.

As for cryptanalytic consequence, you are correct in principle. During WWII, the folks at Bletchley Park were very pleased to discover 'cribs' (ie, bits of plaintext) by guess or habit. One German station was bored, and said so each morning in identical language for an extended period of time. BP even arranged for some 'gardening' to evoke some cribs when they needed them.

In the case of a code (the Enigma that BP worked on was a cypher machine), the technical problem is somewhat different, but the principle is identical. If you know that some message discusses the Ambassador's indiscretion at the ball, a paraphrase mentioning Mr Jones' mistake (when Jones is the Amb) might be enough to uncover the meaning of an additional code group or a few. This is not (quite) the same thing as sending one message in code A and then repeating it in code B, for this situation may provide a break into previously blacked out code B if the repetition is suspected. After all, anything, including the personal history of an Embassy code clerk (ie, a girl friend's name or initials) may be significant in cryptanalysis (and has been).

Hope this illuminates some of your question.

ww
Subject: Re: 128-bit Encryption
From: probonopublico-ga on 28 Jul 2004 09:22 PDT

Hi, wwg

Very many thanks for finding me here and giving me your thoughts on 'paraphrasing' the Gray Code. This is much appreciated.

All the Best

Bryan