What’s the deal with encryption strength: is 128-bit encryption enough or do you need more?
There are a lot of cloud services that tout encryption strength as a measure of how well they guard your data. It is quoted in bits, which is the size of the key. So you see services quoting 128-bit, 256-bit or even 2048-bit.
What about these numbers? Surely 256 is better than 128, and 2048 is even better yet.
What does it all mean, and how much do you need?
Encryption on computers uses the same principle as encryption of messages over the ages. To conceal information someone scrambles (encrypts) a message using a key. The key could be any text. Before computers it was often an agreed-on passage from a book. To descramble (decrypt) the message the key is used to reverse the encryption and arrive at the original message.
If you don’t have the key you are reduced to cracking the encryption by brute force. This means trying every possible key until you hit upon the right one.
In software, keys are usually a random string of characters. Each character is 8 bits. So, for example, 16 random characters is 128 bits. If you have a monster 256-character key, it is 2048 bits.
Now, to crack modern computerized cryptography there are no shortcuts. The encryption (scrambling the data) is done so that no extra information can be derived from the encrypted data. The only way to crack it is brute force.
So how long does that take? Can the NSA or other state actors crack all encryption? How many bits of encryption make your data secure?
First thing is, don’t panic. The claims made about the capabilities of code crackers are usually exaggerated. As Edward Snowden said, ‘trust the math.’ Mathematics is a fact. The NSA is constrained by it as much as everyone. So we can take a look at the math and draw some conclusions.
One simple fact is that each bit you add to a key doubles the number of possible keys and hence doubles the amount of time it takes to try all possible keys, i.e. a brute force attack.
Among the faster computing tasks performed today is bitcoin mining, where miners use massive banks of specialized hardware to evaluate a hashing function 300 quadrillion times a second (that’s three hundred thousand trillion).
But how does the computing power needed to evaluate their hashing function compare to checking whether a key is the right one for a set of data in the course of a brute force attack?
Well, it is a lot harder to decrypt a block of text with a key than to do what the bitcoin miners do. But in the spirit of erring on the conservative side, even though testing a key takes orders of magnitude more computing, we will assume that a state actor could test a million trillion keys a second.
Now if we look at how many possible 64-bit keys there are (multiply 2 by itself 64 times) we get about a million trillion. So that would mean that the maximum possible decryption speed available today would be able to brute force a 64-bit key in a second.
That might sound scary. If you have a 128-bit key, and a 64-bit key can be cracked in a second, surely the 128-bit key will be vulnerable.
Not so fast. There are around 32 million seconds in a year. 32 million is 25 doublings. So if you can crack a 64-bit key in a second it will take a year for an 89-bit key (64 + 25). A million is 20 doublings, so a 109-bit key will take a million years.
Your 128-bit key is still 19 bits longer, which multiplies the time by 500,000. So to crack a 128-bit key with modern hardware is going to take around 500 billion years.
Moore’s law says that computers get twice as fast every 2 years. In cryptography terms that means that advances in computer power will give you one extra bit every two years. That is, if you can crack a 64-bit key in a second this year, you should be able to crack a 65-bit key in a second 2 years later.
On that basis, increases in computer power would take 78 years to bring the time to crack a 128-bit key down to one year, and 128 years to bring it down to a second.
Given that our estimates of attacker speed are probably orders of magnitude higher than what can actually be done, we can conclude that 128-bit encryption is absolutely safe for the rest of the century from known technology.
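The arithmetic above, carried through without rounding, as an added example that is not part of the original article. It uses the article's two assumptions (a 64-bit keyspace tested per second, one extra bit every two years) and goes one step further by computing the strength of a 16-character key typed from printable ASCII only; the function names are illustrative.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600   # about 31.6 million
ATTACKER_BITS_PER_SECOND = 64           # article's assumption: 2**64 keys tested per second
MOORE_YEARS_PER_BIT = 2                 # article's assumption: one extra bit every two years


def effective_bits(length, alphabet_size=256):
    """Bits of key strength for `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def exhaust_years(key_bits, attacker_bits=ATTACKER_BITS_PER_SECOND):
    """Years to try every key; the expected time to hit the right one is half this."""
    return 2.0 ** (key_bits - attacker_bits) / SECONDS_PER_YEAR


def years_until_crackable(key_bits, within_seconds,
                          attacker_bits=ATTACKER_BITS_PER_SECOND):
    """Years of Moore's-law doubling before the whole keyspace fits in `within_seconds`."""
    bits_short = key_bits - attacker_bits - math.log2(within_seconds)
    return max(0.0, bits_short * MOORE_YEARS_PER_BIT)


def report():
    """One row per key type: (label, bits, years to exhaust now, years until a 1-year crack)."""
    keys = [
        ("64-bit key", 64),
        ("89-bit key", 89),
        ("109-bit key", 109),
        ("16 printable ASCII chars", effective_bits(16, 95)),
        ("128-bit key (16 random bytes)", effective_bits(16)),
        ("256-bit key", 256),
    ]
    return [(label, bits, exhaust_years(bits),
             years_until_crackable(bits, SECONDS_PER_YEAR))
            for label, bits in keys]


if __name__ == "__main__":
    for label, bits, years, wait in report():
        print(f"{label:30s} {bits:6.1f} bits  {years:10.3g} years now  "
              f"{wait:6.1f} years until crackable in a year")
```

Without rounding, the 128-bit figure comes out somewhat above the article's 500 billion years, and a key restricted to the 95 printable ASCII characters carries about 105 bits rather than 128, which is why keys should be generated as random bytes.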
So is there any technology that will speed up these attacks?
Many people point to quantum computing, claiming it will allow the decryption of long keys in incredibly short times.
However, quantum computing is aimed at public-key cryptography, which is another type of cryptography. Public-key cryptography is very important in that it is the technology that drives secure communications such as SSL used to secure websites and the digital signing of documents, but it takes much more computer time and hence is not used for encryption of whole documents. Whether quantum computing will ever be practical remains to be seen, but it is not something that would apply to the type of cryptography we are talking about here.
Bottom line: If you or your service providers use 128-bit encryption you can relax — there are other things much more serious to worry about.