Cracking Encryption Algorithms

Need for secure encryption algorithms

Good cryptographic systems should always be designed so that they are as difficult to break as possible. Governments have always had concerns with strong encryption fearing that it could be used against their countries by criminals. Sophisticated technology is used by law enforcement agencies to decipher encrypted information that might contain incriminating evidence. In theory one can break any encryption algorithm by exhausting every key in a sequence. This brute force method requires vast amounts of computing power as length of the key increase. For example a 32-bit key takes 2^32 (4294967296) steps. A system with 40 bit keys (e.g. US-exportable version of RC4) takes 2^40 steps - this kind of computing power is available in most universities and even small companies.

Encryption key lengths & hacking feasibility

Type of Attacker	Budget	Tool	Time & Cost/Key 40 bit	Time & Cost/Key 56 bit
Regular User	Minimal $400	Scavenged computer time FPGA	1 week 5 hours ($.08)	Not feasible 38 years ($5,000)
Small Business	$10,000	FPGA ¹	12 min.($.08)	556 days ($5,000)
Corporate Department	$300,000	FPGA ASIC ²	24 sec. ($.08) 0.18 sec. ($.001)	19 days ($5,000) 3 hours ($38)
Large Corporation	$10M	ASIC	0.005 sec.($0.001)	6 min. ($38)
Intelligence Agency	$300M	ASIC	0.0002 sec.($0.001)	12 sec. ($38)

As key lengths increase, the number of combinations that must be tried for a brute force attack increase exponentially. For example a 128-bit key would have 2^128 (3.402823669209e+38) total possible combinations. For example, to theoretically crack the 128-bit IDEA key using brute force one would have to:

develop a CPU that can test 1 billion IDEA keys per second

build a parallel machine that consists of one million of these processors

mass produce them to an extent that everyone can own one hundred of these machines

network them all together and start working through the 128 bit key space

Assuming ideal performance and no downtime, one should be able to exhaustively search the key-space in over 20,000 years. A common concern amongst many is deciding what key length is secure. There is a metronome for technological progress called Moore's Law which states that; "the number of components that can be packed on a computer chip doubles every 18 months while the price stays the same" . Essentially, this means that computing power per dollar doubles every eighteen months. Using a derivative of this above law one can also say that, if a key length of x is considered safe today, in 18 months the key length would have to be x+1 to keep up to par with the computing power. Recent studies performed by independent scientists have shown that key lengths should be no less than 90-bits long to ensure complete security for the next 20 years.

¹ FPGA (Field Programmable Gate Arrays) are programmable pieces of hardware specifically designed for encryption/decryption.

² ASIC (Application Specific Integrated Circuits) are also specialized hardware that can test 200 million keys per second.

• Work at Home
• Encryption Home

Encryption

• Why Encrypt?
• How Encryption works
• Private Key Encryption
• Public Key Encryption
• Encryption Algorithms
• Cracking Encryption
• Encrypted Email
• Virtual Private Network
• Encryption Tools
• Encryption Resources

Privacy

• George Orwell's 1984
• Internet Privacy
• Identity Theft
• Privacy Resources

Security

• Hacking
• Computer Security
• Operating Systems
• Security Resources