Cracking Encryption Algorithms

Need for secure encryption algorithms

Good cryptographic systems should always be designed so that they are as difficult to break as possible. Governments have always had concerns with strong encryption fearing that it could be used against their countries by criminals. Sophisticated technology is used by law enforcement agencies to decipher encrypted information that might contain incriminating evidence. In theory one can break any encryption algorithm by exhausting every key in a sequence. This brute force method requires vast amounts of computing power as length of the key increase. For example a 32-bit key takes 2^32 (4294967296) steps. A system with 40 bit keys (e.g. US-exportable version of RC4) takes 2^40 steps - this kind of computing power is available in most universities and even small companies.

Encryption key lengths & hacking feasibility

Type of Attacker Budget Tool Time & Cost/Key
40 bit
Time & Cost/Key
56 bit
Regular User Minimal

Scavenged computer time

1 week

5 hours ($.08)
Not feasible

38 years ($5,000)
Small Business $10,000 FPGA 1 12 min.($.08) 556 days ($5,000)
Corporate Department $300,000 FPGA

24 sec. ($.08)

0.18 sec. ($.001)
19 days ($5,000)

3 hours ($38)
Large Corporation $10M ASIC 0.005 sec.($0.001) 6 min. ($38)
Intelligence Agency $300M ASIC 0.0002 sec.($0.001) 12 sec. ($38)

As key lengths increase, the number of combinations that must be tried for a brute force attack increase exponentially. For example a 128-bit key would have 2^128 (3.402823669209e+38) total possible combinations. For example, to theoretically crack the 128-bit IDEA key using brute force one would have to:

Assuming ideal performance and no downtime, one should be able to exhaustively search the key-space in over 20,000 years. A common concern amongst many is deciding what key length is secure. There is a metronome for technological progress called Moore's Law which states that; "the number of components that can be packed on a computer chip doubles every 18 months while the price stays the same" . Essentially, this means that computing power per dollar doubles every eighteen months. Using a derivative of this above law one can also say that, if a key length of x is considered safe today, in 18 months the key length would have to be x+1 to keep up to par with the computing power. Recent studies performed by independent scientists have shown that key lengths should be no less than 90-bits long to ensure complete security for the next 20 years.

1 FPGA (Field Programmable Gate Arrays) are programmable pieces of hardware specifically designed for encryption/decryption.

2 ASIC (Application Specific Integrated Circuits) are also specialized hardware that can test 200 million keys per second.