Rich Freeman on 12 Mar 2014 10:55:48 -0700



Re: [PLUG] Sensitive Personal Information In the Cloud? Why bother?


On Wed, Mar 12, 2014 at 1:12 PM, brent saner <brent.saner@gmail.com> wrote:
>
> for the sake of my curiosity, can you highlight some of the algorithms that
> have been broken  vs. ones that haven't over the past 20 years off the top
> of your head (if you were referring to one/several in particular)?

Sure, just a few offhand:

DES - broken.  Granted, nobody really thought it was secure 20 years
ago, but it was officially blessed and in heavy use.
RSA-512 - broken - this was considered secure 20 years ago, but you
could certainly have used a larger key size back then.  I'm not sure
if anybody thought it would last 20 years.
RC4 - There is speculation that the NSA can read this.  It is in use today.

Those are really the ones I'm aware of that might be a surprise to
somebody from 20 years ago.  There are lots of examples like
short-key-length RC5 that were subjects of distributed computing
effort back in the 90s, but these short key lengths were never
considered viable for serious security - the efforts were more about
understanding the capabilities of brute-force attacks than anything
else, and were a big part of the creation of distributed computing.

So, if you were using Norton Disk Encryption or something of that
caliber 20 years ago your data would be quite compromised today.  If
you were using even an early version of PGP you'd still be secure
today (assuming you didn't pick the 512-bit key size option).
RSA-1024 is looking pretty vulnerable today.  RSA-4096 will probably
be fine for quite a while longer.

Worth noting that all of the RSA attacks to date do not use novel
methods of factoring.  The only thing that changed in 20 years was the
amount of CPU available due to Moore's law.  RSA is vulnerable to
Shor's algorithm, which has never been used in a practical attack, but
if somebody comes up with a practical quantum computer then I wouldn't
consider any RSA-based cipher secure (just a matter of time before
arbitrary key lengths are broken).

Regarding Moore's Law: I don't think it can scale forever - we're
coming up on fundamental limits of physics these days, and I'm not
sure the size of components can continue to shrink below the atomic
scale.  Unless our understanding of physics is wrong below atomic
scale you eventually find that space itself is quantized and you can't
make things smaller than that (though that is quite small indeed!).
So, once key lengths get big enough brute force becomes impossible due
to limitations like the speed of light/etc (you can't build a computer
larger than the cosmic horizon).

So, at SOME point cryptography really will be secure against brute
force, but not against weaknesses in the algorithms themselves.  That
said, it might not be entirely practical if you need a computer the
size of a galaxy to encrypt a file such that you can ensure that your
code won't ever be breakable using a computer the size of the
universe.

And convenience does matter, since in the end you can have perfect
cryptography today if you just use the one-time pad.  If you use it to
encrypt your backups, just make sure you have a good way to backup the
pad.

Rich
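The one-time pad mentioned at the end of the message, as an added Python example (not part of the original post): encryption and decryption are the same XOR, the pad must be at least as long as the message and must come from a strong random source, and the second function shows why the pad can be backed up but never reused, since XORing two ciphertexts made with the same pad cancels the pad out. The message strings are constructed sample data.

```python
import os


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR each plaintext byte with the corresponding pad byte.

    A pad shorter than the message is a bug, not a cheaper variant,
    so refuse it rather than silently truncating or cycling the pad.
    """
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


# Decryption is the identical operation: XOR with the same pad again.
otp_decrypt = otp_encrypt


def make_pad(length: int) -> bytes:
    """Pad bytes must be uniformly random; os.urandom is the OS CSPRNG."""
    return os.urandom(length)


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an observer obtains when one pad protected two messages:
    ct1 XOR ct2 == pt1 XOR pt2, with the pad cancelled out entirely.
    This is why the backed-up pad is used exactly once."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def demo() -> tuple:
    """Constructed sample: encrypt one backup label, recover it, then
    show that a second message under the same pad leaks pt1 XOR pt2."""
    msg1 = b"backup 2014-03-12: tax returns"
    msg2 = b"backup 2014-03-13: tax returns"
    pad = make_pad(len(msg1))
    ct1 = otp_encrypt(msg1, pad)
    recovered_ok = otp_decrypt(ct1, pad) == msg1
    ct2 = otp_encrypt(msg2, pad)  # pad reuse: the mistake being illustrated
    leak = two_time_pad_leak(ct1, ct2)
    leak_is_pt_xor = leak == bytes(a ^ b for a, b in zip(msg1, msg2))
    return recovered_ok, leak_is_pt_xor


if __name__ == "__main__":
    print(demo())  # (True, True)
```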
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug