Military Grade Encryption (AES-1024) — Snake Oil Crypto?


On many occasions, companies have asked me whether 256-bit encryption is secure, and my answer is always to ask what they actually use. A lot depends on the randomization process and whether passwords and key derivation functions (KDFs) are involved.

And so, there are products on the market that perhaps over-market themselves, and whose users think that they provide some form of enhancement over an existing “standard” system. This can especially be the case for “military-grade” systems, which can sometimes be flawed, especially if they involve a “cook your own crypto” approach.

So, let’s look at the crazy world of 1,024-bit AES encryption.

Brute force

To understand the concept of work in cracking cryptography, Lenstra [here] defined the concept of Global Security, which shows the amount of energy required to crack cryptographic algorithms and compares this with the amount of water that energy could boil. This could be seen as the carbon footprint of cracking. For a 35-bit key, you only need to pay for the boiling of a teaspoon of water, and for a 50-bit key, you just need to have enough money to pay for a shower.
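As an added example (not code from the original article), the Python below scales the 35-bit teaspoon anchor to other key sizes and shows why a 256-bit key derived from a password is only as strong as the password plus its KDF stretching. The 2.5 ml teaspoon, the simplification that one KDF iteration costs about one key trial, the sample password and all function names are assumptions.

```python
import math

# Assumptions (not from the article): a teaspoon is taken as 2.5 ml and is
# the 35-bit anchor; each extra bit of work doubles the energy and the water.
TEASPOON_LITRES = 0.0025
ANCHOR_BITS = 35


def litres_boiled(work_bits):
    """Water that the energy of a 2**work_bits brute-force search could boil."""
    return TEASPOON_LITRES * 2.0 ** (work_bits - ANCHOR_BITS)


def password_entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password; human-chosen ones have less."""
    return length * math.log2(alphabet_size)


def effective_work_bits(key_bits, password_bits=None, kdf_iterations=1):
    """Attacker's work: the cheaper of searching the key space directly or
    guessing passwords, where each guess costs kdf_iterations trials
    (assumption: one KDF iteration is roughly one key trial)."""
    if password_bits is None:  # key drawn straight from a good random source
        return float(key_bits)
    via_password = password_bits + math.log2(kdf_iterations)
    return min(float(key_bits), via_password)


def report(label, bits):
    return f"{label}: ~{bits:.1f} bits, {litres_boiled(bits):.3g} litres boiled"


if __name__ == "__main__":
    # Constructed case: 8 random lowercase letters feeding a 256-bit key.
    pw = password_entropy_bits(26, 8)
    print(report("50-bit key", effective_work_bits(50)))
    print(report("256-bit random key", effective_work_bits(256)))
    print(report("256-bit key, password, no stretching",
                 effective_work_bits(256, pw)))
    print(report("256-bit key, password, 100,000 KDF iterations",
                 effective_work_bits(256, pw, 100_000)))
```

With these assumptions the 50-bit case comes out at roughly 82 litres, which matches the shower comparison, while the unstretched password-derived "256-bit" key sits only a few teaspoons above the 35-bit mark.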


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice