Terrorists and encryption

Pretty unlikely that brute-forcing a 128-bit key is even possible, given today’s technology.

A few minutes on bc (gotta pimp my linux calculator. :)) tells me this:

2^128 is 340,282,366,920,938,463,463,374,607,431,768,211,456 or about 3.4 x 10^38. That’s a really big number.

Given that there are about 31 million seconds in a year, and assuming that the NSA’s super-duper cipher cracker can try 10^27 (1 billion billion billion) keys per second*** (an outrageously generous estimate), it would take about 10,780 years to exhaust a 128-bit keyspace. Which is longer than we’ve had recorded civilization. On average you only have to search 1/2 the keyspace to find your answer, so my secrets will be safe from the NSA, on average, for about 5,300 years.

That’s mathematically, of course. There is, in fact, a much better way to get your encryption key: Lock you in a room with Vinny and Sal and a couple of baseball bats until you give up the key. This is not only more efficient, but much more effective. :)

And I’m backing you on the difference between public-key and secret-key crypto keysize. To break an n-bit RSA (for example) key, all you have to do is factor an n-bit number into its two prime factors. Not easy, by any means, but it’s a much better way than trying every possible key. That’s why RSA and Diffie-Hellman have such larger keysizes.

*** Also assuming the fastest way to break AES, Blowfish, IDEA, or whatever algo you’re using, is to try every possible key. Which may not be true. See RSA, for example.

There are also, as micco already pointed out, some implementation problems as well. How do you make sure that, with 20 terrorist cells operating independently, the same piece of key doesn’t get used multiple times? It’s just not good for everybody to start encrypting from the beginning. HQ needs to be able to read the messages, so they need to be able to keep track of where on the key-dvd their messages are beginning. If everybody is using the same dvd, they all need to signal each other to know which bits of key can’t be reused. Not efficient, when you have to contact every other cell, as well as HQ, to let them know that key bits 33A7CE2B through 4A6ECB14 A are in use now. And if they ever have to communicate with each other, for whatever reason, they will need to have the same key. Overall, one time pads aren’t really good for anybody except for people that have the resources to implement them properly, such as governments; and they seem especially ill-suited for people who want to keep hidden.
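The exhaustive-search estimate from the post above, worked through as an added example (this code is not part of the thread; the figures it assumes are the poster's own: a 128-bit key, a cracker trying 10^27 keys per second, and about 31 million seconds per year, here taken as 31,557,600). It generalizes the same arithmetic to other key sizes so the doubling of work per extra key bit is visible, and it reports both the worst case (every key tried) and the average case (half the keyspace) that the post distinguishes.

```python
"""Time to exhaust a symmetric keyspace by trying every key.

Constructed example, not code from the original thread. Assumptions are the
ones stated in the post: a cracker rate of 10**27 keys/second and roughly
31 million seconds per year (a Julian year, 31,557,600 s, is used so the
result lands near the post's 10,780 years for a 128-bit key).
"""
import math

SECONDS_PER_YEAR = 31_557_600  # Julian year; the post rounds this to 31 million
ASSUMED_RATE = 10**27          # the post's "outrageously generous" keys/second


def keyspace(bits: int) -> int:
    """Number of distinct keys of the given length in bits (2**bits)."""
    return 1 << bits


def years_to_exhaust(bits: int, keys_per_second: float, average: bool = False) -> float:
    """Years to try every key at the given rate.

    With average=True, return the expected time instead: on average the
    correct key turns up after half the keyspace has been searched.
    """
    keys = keyspace(bits)
    if average:
        keys //= 2
    return keys / keys_per_second / SECONDS_PER_YEAR


def brute_force_table(bit_sizes, keys_per_second: float) -> dict:
    """Map each key size to (worst-case years, average-case years)."""
    return {
        bits: (
            years_to_exhaust(bits, keys_per_second),
            years_to_exhaust(bits, keys_per_second, average=True),
        )
        for bits in bit_sizes
    }


def doubling_ratio(bits: int, keys_per_second: float) -> float:
    """How much longer a (bits+1)-bit key takes than a bits-bit key; always 2."""
    return years_to_exhaust(bits + 1, keys_per_second) / years_to_exhaust(bits, keys_per_second)


if __name__ == "__main__":
    # 56-bit (DES-sized) keys fall instantly at this assumed rate; 128-bit
    # keys take millennia; 256-bit keys take longer than the universe has existed.
    for bits, (worst, avg) in brute_force_table([56, 128, 256], ASSUMED_RATE).items():
        print(f"{bits:>3}-bit key: {worst:.3g} years to exhaust, {avg:.3g} years on average")
    print(f"each extra bit multiplies the work by {doubling_ratio(128, ASSUMED_RATE):g}")
```

The 128-bit row reproduces the post's figures (about 10,780 years worst case, about 5,390 on average; the post rounds the latter to 5,300 because it rounded the year length). The same function also makes the footnote's caveat concrete: these numbers assume key trial is the best attack, and say nothing about whether a cipher has a shortcut faster than exhaustive search.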

This is why I included the caveat. I agree that brute forcing AES is unlikely, but there could be a better way. Given the open process in choosing AES, it’s unlikely that there’s a big backdoor, but it’s always possible there’s a subtle way to crack the algorithm in shorter than brute-force time. Differential analysis was one such tool that was secret for a very long time, allowing the few groups that knew about it (NSA included) to crack some algorithms more easily than the rest of us thought possible. My earlier post should have said “NSA can crack” rather than “NSA can brute force” since I was really thinking of these kinds of attacks.