There are a lot of cloud services that tout encryption strength as a measure of how well they guard your data. It is quoted in bits, which is the

size of the key. So you see services quoting 128 bit, 256 bit or even

2048 bit.

What about these numbers? Surely 256 is better than 128, and 2048 is even better yet.

What does it all mean, and how much do you need?

Encryption on computers uses the same principle as encryption of messages over the ages. To conceal information someone scrambles (encrypts) a message using a key. The key could be any text. Before computers it was often an agreed-on passage from a book. To descramble (decrypt) the message the key is used to reverse the encryption and arrive at the original message.

If you don’t have the key you are reduced to cracking the encryption by

brute force. This means trying every possible key until you hit upon the right one.

In software, keys are usually a random string of characters. Each character is 8 bits. So, for example, 16 random characters is 128 bits. If you have a monster 256-character key, it is 2048 bits.

Now to crack modern computerized cryptography there are no short cuts. The encryption (scrambling the data) is done so that no extra information

can be derived from the encrypted data. The only way to crack it is brute force.

So how long does that take? Can the NSA or other state actors crack all

encryption? How many bits of encryption make your data secure?

First thing is, don’t panic. The claims made about the capabilities of code

crackers are usually exaggerated. As Edward Snowden said, ‘trust the

math.’ Mathematics is a fact. The NSA is constrained by it as much as

everyone. So we can take a look at the math and draw some conclusions.

One simple fact is that each bit you add to a key doubles the number of

possible keys and hence doubles the amount of time it takes to try all

possible keys, i.e. a brute force attack.

who use massive banks of specialized hardware to evaluate a hashing

function 300 quadrillion times a second (that’s three hundred thousand

trillion).

But how does the computer power to evaluate their hashing function compare to trying to see if a key is the right one for a set of data in the

course of a brute force attack?

Well it is a lot harder to test decrypting a block of text to see if the key works than to do what the bit coin miners do. However, in the spirit of erring on the conservative side, even though testing a key takes orders of magnitude more computing than the simple hash computation done by the bitcoin miners, we will assume that a state actor could test a million trillion keys a second.

Now if we look at how many possible 64-bit keys there are (multiply 2 by

itself 64 times) we get about a million trillion. So that would mean that the maximum possible decryption speed available today would be able to brute force a 64 bit key in a second.

That might sound scary. If you have a 128-bit key, and a 64-bit key can be

cracked in a second, surely the 128-bit key will be vulnerable.

Not so fast. There are around 32 million seconds in a year. 32 million is

25 doublings. So if you can crack a 64-bit key in a second it will take a

year for an 89-bit key (64 + 25). A million is 20 doublings, so an 109-bit key will take a million years.

Your 128-bit key is still 19 bits longer, which multiplies the time by 500,000. So to crack a 128-bit key with modern hardware is going to take around 500 billion years.

On that basis increases in computer power would bring the time to crack a

128-key down to one year 78 years from now and 128 years to bring it

down to a second.

Given that our conservative estimates are orders of magnitude better than what can actually be done, we can conclude that 128 bit encryption is absolutely safe for the rest of the century from known technology.

So is there any technology that will speed up these attacks?

which is another type of cryptography. Public-key cryptography is very

important in that it is the technology that drives secure communications

such as SSL used to secure websites and the digital signing of documents, but it takes much more computer time and hence is not used for encryption of whole documents. Whether quantum computing will ever be practical remains to be seen, but it is not something that would apply to the type of cryptography we are talking here.

Bottom line: If you or your service providers use 128-bit encryption you can

relax — there are other things much more serious to worry about.