Expert deconstructs the cracking of 64-bit key

Last week, announced it had successfully cracked RSA Security's RC5-64 cipher, the company's 64-bit encryption key., the nonprofit Birmingham, Ala.-based group that says its mission is the promotion of distributed computing, accomplished this feat as part of a contest announced five years ago by RSA Security, the Bedford, Mass.-based security company. The task was Herculean in scope, requiring more than four years of computations and shared computing power. news writer Edward Hurley recently interviewed PGP Corp. chief technology officer Jon Callas via e-mail about what this means to encryption users. Callas is also a site expert for and an encryption expert.

Is a 128-bit key safe enough? Should encryption users consider even bigger keys? A 128-bit key should be safe until...

and unless quantum computers become viable. And then 256-bit keys should be fine. However, there's no reason to go past that. While many algorithms support longer keys, they aren't tested very well with them and may actually be weaker with longer keys. Security people are conservative, and it's always a good idea to stick to things that are well-tested. I consider it the mark of a duffer to use Blowfish in 448-bit mode (its maximum) or some other algorithm in 512-bit mode. While it was fashionable a decade ago to make algorithms with these huge variable sizes, they haven't been tested at all.

FOR MORE INFORMATION: news exclusive: "Beware of PGP con job"

Best Web Links on encryption

Feedback on this story? Send your comments to News Writer Edward Hurley
How long did it take them to find the right combination?
They took 1,757 days. That's four years and almost 10 months. A total of 331,252 people tested a total of 15,769,938,165,961,326,592 keys. They ran through about 85% of the total key space, which means they were about as unlucky as my wife was.

Dig Deeper on Disk and file encryption tools

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.