# Is 128 Bit Encryption Enough?

There are a lot of cloud services that tout encryption strength as a measure of how well they guard your data. It is quoted in bits, which is the
size of the key. So you see services quoting 128 bit, 256 bit or even
2048 bit.

What about these numbers​? Surely 256 is better than 128, and 2048 is even better yet.

What does it all mean, and how much do you need?

Encryption on computers uses the same principle as encryption of messages over the ages. To conceal information someone scrambles (encrypts) a message using a key. The key could be any text. Before computers it was often an agreed-on passage from a book. To descramble (decrypt) the message the key is used to reverse the encryption and arrive at the original message.

If you don’t have the key you are reduced to cracking the encryption by
brute force. This means trying every possible key until you hit upon the right one.

In software, keys are usually a random string of characters. Each character is 8 bits. So, for example, 16 random characters is 128 bits. If you have a monster 256-character key, it is 2048 bits.

Now to crack modern computerized cryptography there are no short cuts. The encryption (scrambling the data) is done so that no extra information
can be derived from the encrypted data. The only way to crack it is brute force.

So how long does that take? Can the NSA or other state actors crack all
encryption? How many bits of encryption make your data secure?

First thing is, don’t panic. The claims made about the capabilities of code
crackers are usually exaggerated. As Edward Snowden said, ‘trust the
math.’ Mathematics is a fact. The NSA is constrained by it as much as
everyone. So we can take a look at the math and draw some conclusions.

One simple fact is that each bit you add to a key doubles the number of
possible keys and hence doubles the amount of time it takes to try all
possible keys, i.e. a brute force attack.

One of the faster performed computer tasks is done by bitcoin miners
who use massive banks of specialized hardware to evaluate a hashing
function 300 quadrillion times a second (that’s three hundred thousand
trillion).

But how does the computer power to evaluate their hashing function compare to trying to see if a key is the right one for a set of data in the
course of a brute force attack?

Well it is a lot harder to test decrypting a block of text to see if the key works than to do what the bit coin miners do. However, in the spirit of erring on the conservative side, even though testing a key takes orders of magnitude more computing than the simple hash computation done by the bitcoin miners, we will assume that a state actor could test a million trillion keys a second.

Now if we look at how many possible 64-bit keys there are (multiply 2 by
itself 64 times) we get about a million trillion. So that would mean that the maximum possible decryption speed available today would be able to brute force a 64 bit key in a second.

That might sound scary. If you have a 128-bit key, and a 64-bit key can be
cracked in a second, surely the 128-bit key will be vulnerable.

Not so fast. There are around 32 million seconds in a year. 32 million is
25 doublings. So if you can crack a 64-bit key in a second it will take a
year for an 89-bit key (64 + 25). A million is 20 doublings, so an 109-bit key will take a million years.

Your 128-bit key is still 19 bits longer, which multiplies the time by 500,000. So to crack a 128-bit key with modern hardware is going to take around 500 billion years.

Moore’s law says that computers get twice as fast every 2 years. In cryptography terms that means that advances in computer power will give you one extra bit every two years. That is, if you can crack a 64-bit key in a second this year, you should be able to crack a 65-bit key in a second 2 years later.

On that basis increases in computer power would bring the time to crack a
128-key down to one year 78 years from now and 128 years to bring it
down to a second.

Given that our conservative estimates are orders of magnitude better than what can actually be done, we can conclude that 128 bit encryption is absolutely safe for the rest of the century from known technology.

So is there any technology that will speed up these attacks?

Many people point to quantum computing , claiming it will allow the decryption of long keys in incredibly short times.
However quantum computing is aimed at public-key cryptography
which is another type of cryptography. Public-key cryptography is very
important in that it is the technology that drives secure communications
such as SSL used to secure websites and the digital signing of documents, but it takes much more computer time and hence is not used for encryption of whole documents. Whether quantum computing will ever be practical remains to be seen, but it is not something that would apply to the type of cryptography we are talking here.