# Cracking Encryption Algorithms

### Need for secure encryption algorithms

Good cryptographic systems should always be designed so that they are as difficult to break as possible. Governments have always had concerns with strong encryption fearing that it could be used against their countries by criminals. Sophisticated technology is used by law enforcement agencies to decipher encrypted information that might contain incriminating evidence. In theory one can break any encryption algorithm by exhausting every key in a sequence. This brute force method requires vast amounts of computing power as length of the key increase. For example a 32-bit key takes 2^32 (4294967296) steps. A system with 40 bit keys (e.g. US-exportable version of RC4) takes 2^40 steps - this kind of computing power is available in most universities and even small companies.### Encryption key lengths & hacking feasibility

Type of Attacker |
Budget |
Tool | Time & Cost/Key40 bit |
Time & Cost/Key
56 bit |

Regular User | Minimal $400 |
Scavenged computer time FPGA |
1 week 5 hours ($.08) |
Not feasible 38 years ($5,000) |

Small Business | $10,000 | FPGA ^{1} |
12 min.($.08) | 556 days ($5,000) |

Corporate Department | $300,000 | FPGA ASIC ^{2} |
24 sec. ($.08) 0.18 sec. ($.001) |
19 days ($5,000) 3 hours ($38) |

Large Corporation | $10M | ASIC | 0.005 sec.($0.001) | 6 min. ($38) |

Intelligence Agency | $300M | ASIC | 0.0002 sec.($0.001) | 12 sec. ($38) |

As key lengths increase, the number of combinations that must be tried for a brute force attack increase exponentially. For example a 128-bit key would have 2^128 (3.402823669209e+38) total possible combinations. For example, to theoretically crack the 128-bit IDEA key using brute force one would have to:

- develop a CPU that can test 1 billion IDEA keys per second
- build a parallel machine that consists of one million of these processors
- mass produce them to an extent that everyone can own one hundred of these machines
- network them all together and start working through the 128 bit key space

*"the number of components that can be packed on a computer chip doubles every 18 months while the price stays the same"*. Essentially, this means that computing power per dollar doubles every eighteen months. Using a derivative of this above law one can also say that,

**if a key length of x is considered safe today, in 18 months the key length would have to be x+1 to keep up to par with the computing power**. Recent studies performed by independent scientists have shown that key lengths should be no less than 90-bits long to ensure complete security for the next 20 years.

^{1 }

**FPGA**(Field Programmable Gate Arrays) are programmable pieces of hardware specifically designed for encryption/decryption.

^{2 }

**ASIC**(Application Specific Integrated Circuits) are also specialized hardware that can test 200 million keys per second.