Is encryption really crackable?


Summary: Is encryption really crackable or not? What about the danger that zombie networks pose if they're ever unleashed on an encryption stream? Can Moore's law ultimately break encryption? This article will dispel some myths about encryption and security.


When I sent out this alert about banks not using SSL to prove their identity to their users, quite a bit of the feedback was excessively cynical about encryption technology and cryptography in general, along the lines of "it's useless anyways". While there are times when a little cynicism is healthy, this isn't one of them, and it seems all too common for some in the IT industry to say things like "encryption is easily broken". Spreading misinformation about the weakness of encryption is harmful because the biggest problem with cryptography is that it isn't used correctly or isn't used at all. Spreading the myth that encryption is useless will only get people to say "why bother if it's already broken" and make people less secure.

The problem is compounded by the fact that much of the misinformation out there actually sounds somewhat believable and many people just don't know what to believe. So to settle this once and for all, let's look at the facts. One of the things that make these myths plausible is the fact that "128-bit" WEP encryption used in 802.11 Wireless LANs is so pathetically weak. The inside scoop is that WEP was designed in the late 90s, at a time when USA export laws were extremely tight. Fearing 802.11 devices would be banned by US export laws, the 802.11 group deliberately passed up good encryption algorithms in favor of a weaker one. The WEP algorithm was fundamentally flawed and the 802.11 standards body knew full well that it wasn't a strong encryption algorithm when they selected it. However, WEP's glaring weaknesses are not characteristic of any properly implemented symmetric encryption algorithms used in SSL or VPN implementations. To give you an idea of how good something like DES is, DES is 30 years old and no one has found any weakness or shortcut for cracking it yet, though it can be brute forced. Brute force techniques are considered impractical because modern encryption algorithms use keys that are 128 to 256 bits long.

Further propelling the myth that encryption is worthless is that I often hear people saying that they heard that a 512 bit RSA key was broken. The truth of the matter is that 512 bit (and recently even 660 bit) RSA keys have been broken by the University of Bonn in Germany, but that has absolutely nothing to do with the type of encryption that's used for ordinary bulk encryption. Furthermore, RSA's inventors were well aware of the fact that it takes a much larger key to be secure, which is why typical implementations are at a minimum 768 bits and can easily go up to 2048 bits and beyond. To give you an idea what it takes to break an RSA 1620 bit key, you would need a computer with 120 Terabytes of memory before you can even think about attempting it, and the memory requirement virtually rules out massively distributed cracking methods. Some may ask why use RSA keys when RSA is many orders of magnitude slower and requires so many more bits to be secure. The reason is that RSA encryption has the special property of being able to do secure key exchanges in plain sight of an adversary who is trying to break in, and still remain safe. For this reason, RSA keys are strictly used for the initial phases of a secure communication session, for the purpose of authentication (where one entity proves who they are) and for secure key exchanges (used for bulk symmetric encryption). Once the initial transaction is complete, the key that was exchanged during the initial RSA phase can now be used for SSL or VPN bulk encryption with algorithms like RC5, 3DES, or AES.

The last big factor in encryption myths and bit size inflation is salesmen and marketers, because bigger numbers always sound nicer. I've had salesmen come in to my office and try to tell me that RSA or AES encryption was worthless and that I should be using their product, which uses some kind of 1000 bit wonder-crypto solution. All it takes is one company to try and outdo their competitors and pitch their products using 4096-bit RSA, and the next company will come along and pitch 16384-bit RSA keys in their product. Many IT consultants will shy away from quoting smaller bit sizes because they're afraid to be outdone by their competitors.

Ah, but what about the dreaded massively distributed brute force method for attacking something like 128 bit RC5 encryption? There are massive zombie farms of infected computers throughout the world and some may have gotten as big as 1 million infected computers. What if that entire army was unleashed upon the commonly used 128 bit RC5 encryption? Surprisingly, the answer is not much. For the sake of argument, let's say we unleash 4.3 billion computers for the purpose of distributed cracking. This means that it would be 4.3 billion or 2 to the 32 times faster than a single computer. This means we could simply take the 2 to the 128 combinations for 128-bit encryption and divide by 2 to the 32, which leaves 2 to the 96 combinations, or 96 bits of strength. With 96 bits left, it's still 4.3 billion times stronger than 64 bit encryption. 64 bit encryption happens to be the world record for the biggest RC5 key cracked, in 2002, which took nearly 5 years to achieve for a massive distributed attack.

Now that we know that the distributed attacks will only shave off a few bits, what about Moore's law which historically meant that computers roughly doubled in speed every 18 months?  That means in 48 years we can shave another 32 bits off the encryption armor which means 5 trillion future computers might get lucky in 5 years to find the key for RC5 128-bit encryption.  But with 256-bit AES encryption, that moves the date out another 192 years before computers are predicted to be fast enough to even attempt a massively distributed attack.  To give you an idea how big 256 bits is, it's roughly equal to the number of atoms in the universe!
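The bit-shaving arithmetic from the last two paragraphs, as an added worked example (not code from the original article). It follows the article's simplification that a fleet's speedup and Moore's law each just subtract bits relative to the 64-bit, 5-year baseline; the function names are illustrative, and `search_years_with_upgrades` goes one step beyond the text by letting the hardware keep doubling while the attack is running.

```python
import math

# Figures taken from the article's own argument.
BASELINE_BITS = 64     # largest RC5 key brute-forced (2002)
BASELINE_YEARS = 5.0   # that distributed effort took nearly 5 years
DOUBLING_YEARS = 1.5   # Moore's law: speed doubles every 18 months


def effective_bits(key_bits, speedup, moore_years=0.0):
    """Bits of keyspace left after a parallel speedup and some years of Moore's law."""
    return key_bits - math.log2(speedup) - moore_years / DOUBLING_YEARS


def years_until_feasible(key_bits, speedup):
    """Years of waiting before the remaining search shrinks to the 64-bit baseline."""
    gap_bits = effective_bits(key_bits, speedup) - BASELINE_BITS
    return max(0.0, gap_bits * DOUBLING_YEARS)


def search_years_fixed_hardware(key_bits, speedup):
    """Time to exhaust the keyspace starting today on hardware that never improves."""
    return BASELINE_YEARS * 2.0 ** (effective_bits(key_bits, speedup) - BASELINE_BITS)


def search_years_with_upgrades(key_bits, speedup):
    """Time to exhaust the keyspace if speed keeps doubling during the attack.

    Work W (in years of today's hardware) is finished at time T when
    integral_0^T 2**(t/d) dt = W, which gives T = d * log2(1 + W * ln(2) / d).
    """
    work = search_years_fixed_hardware(key_bits, speedup)
    d = DOUBLING_YEARS
    return d * math.log2(1.0 + work * math.log(2) / d)


def report(fleet=2 ** 32):
    """One row per key size: (bits, bits left, years to wait, years with upgrades)."""
    return [
        (bits,
         effective_bits(bits, fleet),
         years_until_feasible(bits, fleet),
         search_years_with_upgrades(bits, fleet))
        for bits in (64, 128, 256)
    ]


if __name__ == "__main__":
    for bits, left, wait, upgraded in report():
        print(f"{bits:3d}-bit key: {left:4.0f} bits left, "
              f"wait {wait:5.0f} y, or {upgraded:6.1f} y attacking with upgrades")
```

Starting the attack immediately and upgrading continuously lands within a few years of the article's "wait 48 years, then search for 5" estimate, so the conclusion does not depend on which of the two models is used.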

Once some of these basic facts on encryption become clear, "is encryption crackable" isn't the right question, because the real question is "when can it be cracked and will it matter then". This is just like bank safes, which are rated by the time it takes an attacker to crack them open and are never sold as "uncrackable". Encryption strength and the number of bits used are selected based on how many decades the data needs to be kept safe. For a secure E-Commerce transaction, the data being transmitted is moot after a few decades, which is why 128-bit encryption is perfectly suitable since it's considered unbreakable for the next few decades. For top secret classified data that needs to remain secret for the next 100 years, the Government uses NIST certified 256-bit AES encryption. So the next time someone tells you that encryption is crackable, ask him if he'll be around on this earth to see it demonstrated.

  • Perhaps it's newbies confusing encryption with hashing

    With the recently discovered weaknesses in hashing algorithms, like md5, which make it possible to generate collisions with less than brute force effort, perhaps all of these people who go on about how "encryption is crackable" are confusing hashing with encryption.
    • Most of those comments came on the TechRepublic forums

      The truth is even SHA-1 is under attack and some Chinese scientists have found some shortcuts to accelerate the search for hash collisions. That makes authentication and digital signatures weaker to the point that they might be candidates for a world record attempt to find a hash collision. However, SHA-1 isn't broken and it doesn't affect symmetric encryption.

      Most of the "encryption is crackable" comments came on my TechRepublic talkback.

      And yes, you have to cut-paste it in to the browser without the space in the middle of the URL. This talkback engine keeps inserting spaces in the long URLs no matter what I do.
      • Okay, you're right.

        It appears some people are just ignorant about encryption in general.

        Oh, and don't be a lazy bum George! Use the url tag to post links, like this, only use square brackets.



        • HTML Tags


          If you would be so kind, give the readers a 'tutorial' tag usage in ZDNet.

          An example on each would be appreciated.

          Thanks in advance
          D T Schmitz
          • They are all listed except for url...

            ...above the box you type your post in

            {b}{/b} {i}{/i} {u}{/u} {pre}{/pre} {url=}{/url}

            Pre:[pre]Pre? Not sure what that means, but when I post this I guess I'll find out[/pre]
            URL: [url=][/url]
          • (nt)I guess "pre" is like a "quote" feature.

          • Preformatted text

            [url=][b]Pre[/b]formatted text[/url]

            Thanks ToadLife!
            D T Schmitz
        • "... no matter what I do"

          poor G. - maybe you should be writing for ZD, Ou don't knew a clue, the basics anywayz.
          Reverend MacFellow
      • hiding in plain sight

        Given the history of code making and code breaking, I suggest that ANY communication that actually contains information unknown to the intended recipient is ultimately crackable. Sooner rather than later given the proclivity of the crackers to capitalize on how information must be rendered and organized before it is useful to anyone, and the practical time limits on how long the intended recipient has to perform information recovery before it [the information] becomes irrelevant.

        White noise and nonsense are ultimately uncrackable because there is no information content.

        Quite possibly there is some advanced mathematical proof for this concept, but don't ask me what it is.
        • Unbreakable Encryption

          There are in fact two methods widely accepted as unbreakable for the uninformed interceptor (of course if the interceptor has acquired the keys by other means you are still open).

          First is the one-time-pad cypher, where the key length is as long as the message and never repeats. But this requires delivery of the huge cypher keys by some other secure means, so is best reserved for short messages such as "Fire your missiles at 22:00 Zulu".

          The other is the Quantum Cypher, which relies on quantum mechanics and is able to deliver BOTH the key and the message securely. Too complex to explain here, but it requires direct transmission of photons so isn't much use on the Internet :-). But it is VERY secure.
    • Nope, you STILL don't get it....

      Talking about Moore's law etc. is missing the point entirely.

      You can't say "if we had this many computers running at this many terahertz for this long", then extrapolating the numbers is junk science.

      128 bits won't ever be brute forced simply because there isn't enough electricity available on earth to power those "future computers". Even if a single key test only needs 0.00000001w of power to perform it...well you can do the math.

      Short's not going to happen - and it's NOT a case of fiddling with megahertz and number of CPU cores on a spreadsheet.

      Nope, to break encryption you need a flaw in the algorithm itself, not brute force. This is what happened to MD5 - somebody found a shortcut.

      The biggest problem of all is in the passwords people use. Most people will type in an ordinary English word when asked for a password and that reduces the search to about 20 bits - laughably easy. Even six totally random letters is only about 36 bits - half an hour's work on a modern desktop PC.
      • Let's play a Game

        You claim "128 bits won't ever be brute forced..." A 128 bit key would be 16 digits (decimal).

        We are working a project to disprove assertions such as this and we are currently capable to 28 digits decimal (224 bit). The last number we tested was part of the Clay Mathematics Institute prime number challenge. The number 1020030004000050000060000007 was factored by us in 2.5 minutes. (I'm rounding, but you get the point.) If you'd like to see your theory proved or disproved, please provide a number that is 28 characters or less (digital) long. I will post back the factorization. Your response may be to say, "see your solution is good to only 1/10,000 of a 32 bit key." It might shock you to know that our solution is restricted to one desktop.
        • Update

          The Clay Mathematics Institute had posted a series of challenge numbers. I mentioned such in my previous post. At that time, we had some programmatic hurdles to overcome and were limited to 28 bits. We now have a solution that works to 10,000 decimal digits, runs on a pc and works rather quickly. There is a second CMI number that was published in the same challenge. The number: 51920810450204744019132202403246112884629925425640897326550851544998255968235697331455544257 Breaks down into the following factors:
          In binary bits the number is 305 bits...significantly more than 128 bits. It took us about 15 cpu days to factor this number. So assuming that the data you are trying to protect won't be valuable in 15 days...then 128 bit encryption is adequate. On the other hand we were using a couple of mid-range desktops and we overshot 128 bits by a factor of 138% so it is reasonable to assume that the technology as exists today, for a typical hacker is capable of breaking 128 bit encryption in about 1 week. Couple this with the fact that the most secure encryption that is available through web browsers is 128 bit and my fear is that online ecommerce is in significant danger.
          • Is that a joke ?

            I am surprised to see such an incompetent quote from a member of "The Clay Mathematics Institute". Either you do not know what you are talking about, or you do it on purpose.
            That's because of people like you that others are misinformed about cryptography.

            Taking into consideration that you are searching the factoring of a big number, the goal is to break RSA. Today, the minimal recommended number length for RSA is 1024bit. A simple look at the facebook certificate proves that they are using 1024 RSA. Sites like e-commerce use the 2048bit version.

            You are the mathematical person. I let you do the calculations and tell me what is the result of (2^2048 / 2 ^ 128) * 7 days = 2^192 * 7 days = the time YOU will need in order to break the RSA key exchange.

            Even now, 7 years after your post, you will still run your computers to break the same key.
  • Two Questions

    1. Re the zombies, presumably one should also factor in that whoever controls them will not have their full capacity available. I imagine that making them work flat out would, in many cases at least, lead to the fact that they had been taken over being discovered.

    2. I take the point about being secure for long enough. But to what extent might quantum computing change things dramatically? Is it reasonable to base projections solely on Moore's Law? Anyone like to guess if or when quantum computing will spread and become available outside government, high end academia and very large companies?

    • Answers

      1. Yes you're right, it can never be full capacity and no one will ever control 4.3 billion computers. My point was that even if we assumed we had full capacity of all 4.3 billion computers, it would only shave off 32 bits in the encryption strength which isn't that significant in the context of a 128 or 256 bit encryption key.

      2. Quantum computing if it ever comes about will bring about the need for quantum encryption. Encryption will always have an advantage over cracking because it's a ratio thing. The computational power required to encrypt something will always be many orders of magnitude cheaper than the amount of computational power to brute force decrypt it. The only exception to this rule is if there is a weakness in the encryption algorithm that significantly lowers that ratio.
      • In addition

        In addition, it hasn't been proven yet that all types of encryption can be cracked with quantum computing. Only some of them have been shown to be weak against quantum computing. Whether or not this can be generalized remains an open question.
        • Thanks

          Thanks for adding that
      • There's a bit more to it

        You've glossed over the use of quantum computers to decrypt data that has been secured using current methods.
        For the sake of discussion, let's assume quantum computers will be commonly used 30 years from now. Data encrypted using a 128 or 256 bit encryption key that needs to be kept secure for 50 years could possibly be decrypted using quantum computer(s) at some point in the future.

        As for item 2, quantum computers and quantum cryptography are not directly related.

        Quantum computing changes the way computations occur at a very fundamental level. Modern computers use a binary system with each bit having a value of either exactly zero or exactly one. Quantum bits (qubits) could be viewed as having values of 0, 1, or a blend of 0 and 1. Visit for a more complete description.

        However, quantum cryptography, based on Werner Heisenberg's Uncertainty Principle, is not dependent on quantum computers. Heisenberg stated that any attempt to measure a sufficiently small (quantum) system would affect the system, making the measurement inaccurate.

        Data can be encrypted using quantum cryptography that, theoretically, could never be decrypted regardless of the type of computer used. The attempt to decrypt it without the key would alter (destroy) the data.

        Let's say you want to transmit a message securely using quantum cryptography. First you need to convert the message to a binary stream that can be transmitted as a series of photons. Then you would apply a series of filters to individual photons in the stream to encrypt the message. The same filters would have to be applied (in the same order) to decrypt the message. Anything else would alter the message.

        There is no need for a quantum computer to provide quantum cryptography. However, quantum computers could (theoretically) make a brute-force crack of modern encryption methods possible at some point in the future.
        • Thanks

          Thanks for your insightful post.