@RISK Online - The Security Blog
09/28/1999: "Can you keep a secret?"
What is encryption and what is it used for? Did you ever have a secret decoder ring as a child? If you ever had one, then you had a simple encryption device. Encryption is a technique of scrambling information in such a manner that it can be unscrambled... but only if you know the secret code!
Take your secret decoder ring for example. It used a simple character replacement method to "encode" a message. A simple form of this is to replace all letters of the alphabet with a number like this: A=1, B=2, C=3, etc. Using this method, take note of the following conversion:
Hi Jim, how are you?
8 9 10 9 13, 8 15 23 1 18 5 25 15 21?
Now this is a great game for children, but it certainly won't protect sensitive government documents. Something more complex is needed. The more important it is to keep the information safe, the stronger (more complex, difficult to decode) the encryption needed. The example above would be "cracked" or decoded almost instantly by an expert and in probably just a couple of minutes by an average person. Real world encryption techniques use complex mathematical algorithms (formulas), in conjunction with a password (key), to encode data. The longer the key, the more secure the information being encoded. How long a key should you use? That depends on how secure you need the data. The longer the key, the more computing required to crack the code.
What's the minimum key size required to ensure security? That changes over time. As computing power grows exponentially, the key size required to ensure your security will have to grow too. Recently a team of cryptographic researchers was awarded first prize in the "RSA Factoring Challenge". RSA refers to RSA Data Security, Inc. This company developed an encryption algorithm known as RC5, which uses extremely large prime numbers to encode data. The RSA Factoring Challenge is an open contest to try to crack the key on a given sample of encrypted data. The team was able to factor two very large prime numbers (a prime number is a number that is only divisible by itself and 1) used to generate a single 512-bit RSA key. This key length is equivalent to 155 decimal digits (imagine a prime number 155 digits long!). Factoring this key took an elapsed time of 5.2 months, plus nine weeks of preliminary computations, and was accomplished using 292 individual computers located at 11 different sites around the world! This has been calculated as approximately 8000 MIPS-years of CPU effort (MIPS, Millions of Instructions Per Second, is a measure of processor power and speed). In simpler terms, this amount of work done by a single computer would take significantly longer than the estimated age of the universe to complete.
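The sketch below is an added example, not part of the original post: on toy-sized numbers it shows why factoring the public number of an RSA key exposes the message, and how the work grows as the key gets longer. The primes, the exponent 65537, the message 42 and every function name are constructed for illustration, and plain trial division stands in for the far faster methods real factoring efforts use.

```python
from math import isqrt

E = 65537  # public exponent (a common choice; assumed here)

# Constructed toy keys: pairs of small primes (p, q). Real keys use
# primes that are each dozens to hundreds of digits long.
TOY_PRIMES = [(241, 251), (65521, 65537), (999983, 1000003)]


def factor(n):
    """Factor an odd semiprime by trial division; return (p, q, steps)."""
    steps = 0
    for candidate in range(3, isqrt(n) + 1, 2):
        steps += 1
        if n % candidate == 0:
            return candidate, n // candidate, steps
    raise ValueError("n has no odd factor below its square root")


def recover_plaintext(n, e, ciphertext):
    """Rebuild the private exponent from the factors of n, then decrypt."""
    p, q, steps = factor(n)
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent follows from p and q
    return pow(ciphertext, d, n), steps


def demo(message=42):
    """Return (modulus bits, division steps, recovered message) per toy key."""
    rows = []
    for p, q in TOY_PRIMES:
        n = p * q                        # public modulus
        ciphertext = pow(message, E, n)  # encrypted using public values only
        recovered, steps = recover_plaintext(n, E, ciphertext)
        rows.append((n.bit_length(), steps, recovered))
    return rows


if __name__ == "__main__":
    for bits, steps, recovered in demo():
        print(f"{bits:>3}-bit modulus: {steps:>7} divisions, recovered {recovered}")
```

Going from a 16-bit to a 40-bit modulus multiplies the number of divisions by roughly four thousand, which is the growth that pushes recommended key sizes upward.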
With this latest benchmark set, the U.S. National Institute for Standards and Technology (NIST) has begun the process of replacing the nation's 20-year-old Data Encryption Standard (DES). The new standard (known as the Advanced Encryption Standard) will employ larger keys to resist the type of brute-force attacks that are now feasible. The field has already been narrowed to five final candidates, but it will take a few years to evaluate the candidates and make a selection. All information on these new technologies is fully available to the public, and will undergo rigorous testing and analysis before final acceptance. With luck this new standard will protect all our valuable information well into the next millennium.