Expert deconstructs the cracking of 64-bit key

Last week, Distributed.net announced it had successfully cracked RSA Security's RC5-64 cipher, the company's 64-bit encryption key. Distributed.net, the nonprofit Birmingham, Ala.-based group that says its mission is the promotion of distributed computing, accomplished this feat as part of a contest announced five years ago by RSA Security, the Bedford, Mass.-based security company. The task was Herculean in scope, requiring more than four years of computations and shared computing power. SearchSecurity.com news writer Edward Hurley recently interviewed PGP Corp. chief technology officer Jon Callas via e-mail about what this means to encryption users. Callas is also a site expert for SearchSecurity.com and an encryption expert.

Is a 128-bit key safe enough? Should encryption users consider even bigger keys?
A 128-bit key should be safe until and unless quantum computers become viable. And then 256-bit keys should be fine. However, there's no reason to go past that. While many algorithms support longer keys, they aren't tested very well with them and may actually be weaker with longer keys. Security people are conservative, and it's always a good idea to stick to things that are well-tested. I consider it the mark of a duffer to use Blowfish in 448-bit mode (its maximum) or some other algorithm in 512-bit mode. While it was fashionable a decade ago to make algorithms with these huge variable sizes, they haven't been tested at all.

FOR MORE INFORMATION:
SearchSecurity.com news exclusive: "Beware of PGP con job"

Best Web Links on encryption


Feedback on this story? Send your comments to News Writer Edward Hurley
How long did it take them to find the right combination?
They took 1,757 days. That's four years and almost 10 months. A total of 331,252 people tested a total of 15,769,938,165,961,326,592 keys. They ran through about 85% of the total key space, which means they were about as unlucky as my wife was.

Dig deeper on Disk Encryption and File Encryption

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close