Cracking Encryption Algorithms
Need for secure encryption algorithmsGood cryptographic systems should always be designed so that they are as difficult to break as possible. Governments have always had concerns with strong encryption fearing that it could be used against their countries by criminals. Sophisticated technology is used by law enforcement agencies to decipher encrypted information that might contain incriminating evidence. In theory one can break any encryption algorithm by exhausting every key in a sequence. This brute force method requires vast amounts of computing power as length of the key increase. For example a 32-bit key takes 2^32 (4294967296) steps. A system with 40 bit keys (e.g. US-exportable version of RC4) takes 2^40 steps - this kind of computing power is available in most universities and even small companies.
Encryption key lengths & hacking feasibility
|Type of Attacker||Budget||Tool||Time & Cost/Key
|Time & Cost/Key
|Scavenged computer time
5 hours ($.08)
38 years ($5,000)
|Small Business||$10,000||FPGA 1||12 min.($.08)||556 days ($5,000)|
|24 sec. ($.08)
0.18 sec. ($.001)
|19 days ($5,000)
3 hours ($38)
|Large Corporation||$10M||ASIC||0.005 sec.($0.001)||6 min. ($38)|
|Intelligence Agency||$300M||ASIC||0.0002 sec.($0.001)||12 sec. ($38)|
As key lengths increase, the number of combinations that must be tried for a brute force attack increase exponentially. For example a 128-bit key would have 2^128 (3.402823669209e+38) total possible combinations. For example, to theoretically crack the 128-bit IDEA key using brute force one would have to:
- develop a CPU that can test 1 billion IDEA keys per second
- build a parallel machine that consists of one million of these processors
- mass produce them to an extent that everyone can own one hundred of these machines
- network them all together and start working through the 128 bit key space
1 FPGA (Field Programmable Gate Arrays) are programmable pieces of hardware specifically designed for encryption/decryption.
2 ASIC (Application Specific Integrated Circuits) are also specialized hardware that can test 200 million keys per second.