Security Alert: Encryption is not very hard to crack 1024-bit, 2048-bit, 4096-bit and NSA Quantum Resistant Algorithm [Encryption Scorecard Inside]
We have all heard how Encryption Is Very Hard To Crack,
At the recent “The Impending End of RSA” workshop that DARPA sponsored, Dan Bernstein gave an interesting talk in which he summarized how hard it is to crack commonly used keys in terms of how much energy is needed to power the cracking calculation.
For a key that provides 80 bits of security (like a 1,024-bit RSA key), Dan estimated that one can build a computer that will crack a key in about one year, but powering that computer will take almost exactly the entire output of a power plant for that year. That is almost believable, and it is just plausible enough to be the basis for the plot of an espionage novel.
But when anyone moves to 112 bits of security (like a 2,048-bit RSA key), Dan estimated that hackers can still crack a key in about a year, but doing it will take just about the amount of energy that the Earth receives from the sun for that year. Scale this to the amount of energy needed to crack a 128-bit AES key, and we find that the amount of energy needed is roughly the same amount the Earth receives from the sun in over 65,000 years. - 1
But don't be so sure! ANYTHING ENCRYPTED in 1024-bit could potentially be decrypted by a 3rd party in real time under the right circumstances.
Once that database is computed, the attack cost per connection is tiny. This is discussed at length in the LOGJAM attack.
For the special "trapdoored" 1024-bit primes being discussed here, it turns out that computing the database it at least 10,000 times easier than it would be for "honest" 1024-bit primes. - 2.
In fact with a mere 81 Pentium 4 chips and 104 hours of processing time 3 college students were able to crack a 1024 bit RSA Key by simply manipulating the powersupply. Such attacks reveal how relying on the difficulty of discretely computing a key is not sufficient security these days.
By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. - 3
Vast amounts of encrypted highly sensitive data is openly available for anyone to copy, with little concern because it is presumed the encryption is secure.
Any classically encrypted data could be preserved by a 3rd party indefinitely. When quantum computing reaches maturity, once secure data encrypted by individuals, companies, and governments can be DECRYPTED BY ANYONE AT NEAR-ZERO COST.
A significant percentage of computer scientists say practical quantum computing is only a matter of time, and once that happens (anywhere in the next 10 to 50 years, most of them forecast), public-key crypto systems that form the bedrock of most modern data protection will be trivial to break. Such a doomsday scenario would jeopardize not only all transactions and records going forward, but it would also allow attackers to decrypt more than half a century's worth of old communications, assuming someone took the time to collect and store the encrypted data. - 4
This inevitable quantum "doomsday" scenario will have effects on everything from cryptocurrency, banking, national security, personal privacy, and countless other areas off life.
NSA is reccomending to not invest heavily in the current standard SUITE-B until their new quantum resistant algorithm suite is available.
partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition." - 4
People in the know, reccomend using 4096-bit encryption, it is ✅SAFE (FOR NOW).
Known weaknesses involve Quantum Computing which is at least 10+ Years from being mainstream.
What are your thoughts can we rely on current encryption or is it just security theater? Also if there any security experts in the audience please share your insights on the subject.
ENCRYPTION SCORECARD
| ENCRYPTION STANDARD | SAFE TO USE | KNOWN WEAKNESS | DATA SECURITY HORIZON |
|---|---|---|---|
| ❌1024-bit encryption | ⛔UNSAFE | 🔣Trapdoor Primes, Known Exploits | 🕝0 Days |
| ❌2048-bit encryption | 📛LIKELY UNSAFE | 📛STATE LEVEL RESOURCES | 🕝2-5 Years |
| ✅4096-bit encryption | ✅SAFE FOR NOW | ✅QUANTUM COMPUTING | 🕝10+ Years |
| ❔NSA Quantum Resistant Algorithm | ❔UNKNOWN | ❔ Unknown Backdoors | 🕝50+ Years |
| ❔Quantum Encryption | ✅PROVABLY SAFE | ❔NOT AVAILABLE YET | 🕝INFINITE |
What are your thoughts can we rely on current encryption standards or is it just security theater?
Also if there any cryptography or security experts in the audience please share your insights on the subject.
Nested ciphers and statistically tapered arrays used to be good insurance to sort of build an more encapsulated encryption. But then the decoders got sneaky with some of the methods that you mention. It will be for a for ever arms race. Years ago I sat on a computer security committee that issued the same remarks every year that the only safe system was one that was shut off with nothing stored on it. It is one large chess game out there. You have to look at "reasonable measures". So in context for somethings it is both timely and prudent to use a quick cipher. Intelligence information is graded based on several factors like the quality of the source and if it was first hand or not. In operations security opsec they use three concentric circles of consideration to determine where to place countermeasures. So the most sensitive information contrasted by it's risk of detection and vulnerability gets the highest protection.
Really Interesting Article here ! Keep it up, following you now!
I had always taken the numbers quoted for cracking encrypted data seriously until I started reading about some of the optimization methods, trapdoor primes, and backdoors.
@steemitguide your post on the Importance of Hashing Algorithms makes some complimentary points about the limitations of quantum computers and the weakness of current algorithms.
Thanks for reading and following. Followed you back as well.