There are a lot of cloud services that tout encryption strength as a measure of how well they guard your data. It is quoted in bits, which is the size of the key. So you see services quoting 128 bit, 256 bit or even 2048 bit. What about these numbers​? Surely 256 is better than 128, and 2048 is even better yet. What does it all mean, and how much do you need? Encryption on computers uses the same principle as encryption of messages over the ages. To conceal information someone scrambles (encrypts) a message using a key. The key could be any text. Before computers it was often an agreed-on passage from a book. To descramble (decrypt) the message the key is used to reverse the encryption and arrive at the original message. If you don’t have the key you are reduced to cracking the encryption by brute force. This means trying every possible key until you hit upon the right one. In software, keys are usually a random string of characters. Each character is 8 bits. So, for example, 16 random characters is 128 bits. If you have a monster 256-character key, it is 2048 bits. Now to crack modern computerized cryptography there are no short cuts. The encryption (scrambling the data) is done so that no extra information can be derived from the encrypted data. The only way to crack it is brute force. So how long does that take? Can the NSA or other state actors crack all encryption? How many bits of encryption make your data secure? First thing is, don’t panic. The claims made about the capabilities of code crackers are usually exaggerated. As Edward Snowden said, ‘trust the math.’ Mathematics is a fact. The NSA is constrained by it as much as everyone. So we can take a look at the math and draw some conclusions. One simple fact is that each bit you add to a key doubles the number of possible keys and hence doubles the amount of time it takes to try all possible keys, i.e. a brute force attack. One of the faster performed computer tasks is done by who use massive banks of specialized hardware to evaluate a hashing function 300 quadrillion times a second (that’s three hundred thousand trillion). bitcoin miners But how does the computer power to evaluate their hashing function compare to trying to see if a key is the right one for a set of data in the course of a brute force attack? Well it is a lot harder to test decrypting a block of text to see if the key works than to do what the bit coin miners do. However, in the spirit of erring on the conservative side, even though testing a key takes orders of magnitude more computing than the simple hash computation done by the bitcoin miners, we will assume that a state actor could test a million trillion keys a second. Now if we look at how many possible 64-bit keys there are (multiply 2 by itself 64 times) we get about a million trillion. So that would mean that the maximum possible decryption speed available today would be able to brute force a 64 bit key in a second. That might sound scary. If you have a 128-bit key, and a 64-bit key can be cracked in a second, surely the 128-bit key will be vulnerable. Not so fast. There are around 32 million seconds in a year. 32 million is 25 doublings. So if you can crack a 64-bit key in a second it will take a year for an 89-bit key (64 + 25). A million is 20 doublings, so an 109-bit key will take a million years. Your 128-bit key is still 19 bits longer, which multiplies the time by 500,000. So to crack a 128-bit key with modern hardware is going to take around 500 billion years. says that computers get twice as fast every 2 years. In cryptography terms that means that advances in computer power will give you one extra bit every two years. That is, if you can crack a 64-bit key in a second this year, you should be able to crack a 65-bit key in a second 2 years later. Moore’s law On that basis increases in computer power would bring the time to crack a 128-key down to one year 78 years from now and 128 years to bring it down to a second. Given that our conservative estimates are orders of magnitude better than what can actually be done, we can conclude that 128 bit encryption is absolutely safe for the rest of the century from known technology. So is there any technology that will speed up these attacks? Many people point to , claiming it will allow the decryption of long keys in incredibly short times. quantum computing However quantum computing is aimed at which is another type of cryptography. Public-key cryptography is very important in that it is the technology that drives secure communications such as SSL used to secure websites and the digital signing of documents, but it takes much more computer time and hence is not used for encryption of whole documents. Whether quantum computing will ever be practical remains to be seen, but it is not something that would apply to the type of cryptography we are talking here. public-key cryptography Bottom line: If you or your service providers use 128-bit encryption you can relax — there are other things much more serious to worry about. IF YOU LIKED THIS EXPLANATION CLICK HERE TO CHECK OUT MY BOOK THAT EXPLAINS WHY ENTERPRISE SYSTEMS FAIL — THE REASONS AREN’T WHAT YOU THINK

Bitcoin

How To Survive The Journey of ERP Implementation At Your Business

Enterprise Software Is the Hardest Software To Write

Read my book and learn the real truth behind IT disasters.

Is 128 Bit Encryption Enough?

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Enterprise Software Is the Hardest Software To Write

10 Reasons Wordpress Sites Get Hacked and How to Avoid Them

10 Features of a Secure Website

10 Cybersecurity Books Every Business Owner Should Read

10 Cybersecurity Tips Everyone Should Follow

121 Stories To Learn About Data Protection

Enterprise Software Is the Hardest Software To Write

10 Reasons Wordpress Sites Get Hacked and How to Avoid Them

10 Features of a Secure Website

10 Cybersecurity Books Every Business Owner Should Read

10 Cybersecurity Tips Everyone Should Follow

121 Stories To Learn About Data Protection

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps