You may have heard speculation that the NSA has secretly broken the strong cryptographic systems used to keep data secret -- after all, why collect all that scrambled data if they can't unscramble it? But Bruce Schneier argues (convincingly) that this is so impossible as to be fanciful. So why have they done this? My guess is that they're counting on flaws being revealed in the cryptographic implementations in the field (or maybe they've discovered such flaws and are keeping them secret). Or they're hoping for a big breakthrough in the future (quantum computing, anyone?).
Right now the upper practical limit on brute force is somewhere under 80 bits. However, using that as a guide gives us some indication as to how good an attack has to be to break any of the modern algorithms. These days, encryption algorithms have, at a minimum, 128-bit keys. That means any NSA cryptoanalytic breakthrough has to reduce the effective key length by at least 48 bits in order to be practical.
There’s more, though. That DES attack requires an impractical 70 terabytes of known plaintext encrypted with the key we’re trying to break. Other mathematical attacks require similar amounts of data. In order to be effective in decrypting actual operational traffic, the NSA needs an attack that can be executed with the known plaintext in a common MS-Word header: much, much less.
So while the NSA certainly has symmetric cryptanalysis capabilities that we in the academic world do not, converting that into practical attacks on the sorts of data it is likely to encounter seems so impossible as to be fanciful.
How Advanced Is the NSA’s Cryptanalysis — And Can We Resist It?
(Image: A Stick Figure Guide to the Advanced Encryption Standard (AES) )
If you’re a student journalist and want to attend HOPE XI, the Eleventh Hackers on Planet Earth conference (July 22-24, NYC) you can win free admission (and an interview with me!) by submitting an article about any of the topics come up at HOPE conferences! Get writing!
Earlier this month, I gave the afternoon keynote at the Internet Archive’s Decentralized Web Summit, and my talk was about how the people who founded the web with the idea of having an open, decentralized system ended up building a system that is increasingly monopolized by a few companies — and how we can prevent the same things from happening next time.
Since 2013, the World Wide Web Consortium (W3C) has been working with the major browser companies, Netflix, the MPAA, and a few other stakeholders to standardize “Encrypted Media Extensions” (EME), which attempts to control web users’ behavior by adding code to browsers that refuses to obey user instructions where they conflict with the instructions sent […]
Experienced shutterbugs with DSLR cameras have boatloads of lens options for capturing the moment. Unfortunately, smartphone photographers often get stuck with their one crummy lens, which means limited zoom and focus for their final image.Step up your smartphone’s photographic power with the Acesori 5-Piece Smartphone Camera Lens Kit, now just $9.99 in the Boing Boing Store.Magnetic rings easily […]
Some truths are universal. For one, your phone will always run out of power when you most need it. For another, the charging cords that come packaged with your Apple device will fray, split, and rip faster than Usain Bolt in a game of tag.Instead, pick up a charging cord that anyone would have a tough […]
Some people say magic tricks are nerdy and best left to your 12-year-old asthmatic cousin. But others see value in perfecting the slight of hand and showmanship associated with a perfectly executed routine. We’re firmly in the latter camp. And now, we’re giving you the ability to put a few parlor tricks up your sleeve with the Penguin […]