Home > Security News > Expert deconstructs the cracking of 64-bit key
Security News:
EMAIL THIS
QUESTION & ANSWER

Expert deconstructs the cracking of 64-bit key

By Edward Hurley, News Writer
09 Oct 2002 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Last week, Distributed.net announced it had successfully cracked RSA Security's RC5-64 cipher, the company's 64-bit encryption key. Distributed.net, the nonprofit Birmingham, Ala.-based group that says its mission is the promotion of distributed computing, accomplished this feat as part of a contest announced five years ago by RSA Security, the Bedford, Mass.-based security company. The task was Herculean in scope, requiring more than four years of computations and shared computing power. SearchSecurity.com news writer Edward Hurley recently interviewed PGP Corp. chief technology officer Jon Callas via e-mail about what this means to encryption users. Callas is also a site expert for SearchSecurity.com and an encryption expert.

Can you explain what Distributed.net did?

Jon Callas, CTO PGP Corp.
Jon Callas, CTO PGP Corp.

FOR MORE INFORMATION:
SearchSecurity.com news exclusive: "Beware of PGP con job"

Best Web Links on encryption

Feedback on this story? Send your comments to News Writer Edward Hurley
How long did it take them to find the right combination?
Callas: They took 1,757 days. That's four years and almost 10 months. A total of 331,252 people tested a total of 15,769,938,165,961,326,592 keys. They ran through about 85% of the total key space, which means they were about as unlucky as my wife was.

What should users of encryption take away from this?

It took as many people as [live in] a good-sized city nearly five years to break a single key. Realistically, using a 64-bit key is probably safer than many other things you do every day (like getting into a car).
- Jon Callas, CTO PGP Corp.

Is a 128-bit key safe enough? Should encryption users consider even bigger keys?
Callas: A 128-bit key should be safe until and unless quantum computers become viable. And then 256-bit keys should be fine. However, there's no reason to go past that. While many algorithms support longer keys, they aren't tested very well with them and may actually be weaker with longer keys. Security people are conservative, and it's always a good idea to stick to things that are well-tested. I consider it the mark of a duffer to use Blowfish in 448-bit mode (its maximum) or some other algorithm in 512-bit mode. While it was fashionable a decade ago to make algorithms with these huge variable sizes, they haven't been tested at all.

So how long would it take to break a 128-bit key?


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary




More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts