The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.) Explain.
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
It will have a length of 130 bits in 30 years. It will add a new piece each year. Even a single extra bit added to a symmetric key 30 years later makes it difficult to break since it overburdens the hacker’s processor in a very taxing way. Symmetric session keys are encryption and decryption keys that are produced at random to protect a user’s or a computer’s communications with another user or computer. Since the same key is used for both encryption and decryption, session keys are frequently referred to as symmetric keys. It would take 30 years to reach 130 bits in length for a symmetric session key, as the overall processing speed of microprocessors doubles nearly every year. Intriguingly, there are 340,282,366,920,938,463,463,374,607,431,768,211,456 possible encryption codes with a 128-bit key. It would take a long time to crack a 128-bit key using a ‘brute force’ assault, in which the attacker attempts every conceivable key until they succeed. It is possible to encrypt and decrypt data with a single key via symmetric encryption, also known as pre-shared key encryption. Having the same key for both the sender and the receiver is essential for effective communication. With a symmetric session key, the encryptor might choose a key that is identical to the decryption key. You mentioned brute force in one of your comments, and it turns out that the form of encryption technique utilized is weak and can be attacked by brute force. This can happen through the use of a dictionary list or the generation of random character values that are evaluated against the data provided. Keeping this in mind, I can see how having a larger key size is preferable, since it is more difficult to crack. A symmetric key can be made sufficiently secure by adding just one bit to its length in a year, as doing so doubles the effective search time. The amount of possible permutations is simply too large for the CPU to solve, even at twice the speed. When considering both clock speed and the number of circuits, the processing power of microprocessors doubles nearly every year. An example of symmetry today
Hi Samuel,
I like your in-depth explanation of why even increasing by one bit will make it significantly more difficult for hackers to brute-force a session key since it extends the number of possible codes by a significant amount.
Hello Samuel,
I enjoyed reading your well detailed explanation to this particular question. It is always a good idea to harden our defense mechanism to ensure that the cybercriminals won’t break into our systems and steal our data. CIA is very crucial to our assets.
I agree with your explanation. Your thought process was very detailed and in-depth. You covered many great, additional points including overburdening a hacker’s processor, the calculation of the possible encryption codes with 128 bits, and brute force.
I agree with you because more processing power and memory are required for longer symmetric keys. It makes sense for a system to have a minimum key length.
If computing power doubles each year, a symmetric encryption key would need to be 130 bits. Per the question 100 bits today is considered strong. If it is to remain strong in 30 years with processing power (quantum computing) ever evolving, it is imperative that encryption stays ahead of tools that would easily crack them. Therefore 130 bits would be needed as every year would add 1 additional bit.
In 30 years a key would be considered strong if it has 130 bits – one extra bit for each year – because of the fact that the speed of microprocessors doubles every year.
It would need to be 130 bits long to be considered strong. If the key length is increasing by a single bit every year and the end result is after 30 years, then it would require 130 bits to be considered strong in 30 years.
To be considered strong in 30 years the symmetric encryption key would need to be at least 130 bits long. This is because, at the current trajectory of processor innovation, we need an additional bit every year to compensate. Currently, 100 bits is considered strong, so in 30 years we’ll need an additional 30 bits resulting in a 130-bit long key.
Hey Max. I agree that more processing power = more likelihood of a crack which leads to the inevitable increase in bit key length.
A symmetric session also known as pre-shared key encryption utilizes a single key to both encrypt and decrypt data. In a situation whereby the total processing speed of microprocessors is doubling roughly every year and currently at 100 bits. After 30 years it will be 130 bits considering that 1 bit is added every year which makes it even harder to crack.
Today 100 bits is considered strong. In 30 years, the symmetric session key would have to be 130 bits to be considered strong. Each year the decryption doubles when the key length is increased by a single bit, which would be 130 bits in 30 years.
One of the interesting parts of binary math is that every time you add a bit to a binary number, it doubles. a 128 bit key is 2^128. a 129 bit key would be 2^129 or (2^128)*2.
If we start by acknowledging that Moore’s law is a loose estimate, not a hard formula and key lengths tend to be increased in discrete blocks of bytes (128, 192, and 256), not by one bit at a time, but for the sake of simplicity we just look at Moore’s law at speed x2 and bits as individual bits. Then we can start with the baseline that 128 bit key is good enough today (NIST would seem to agree, 128bit keys are their general recommendation), So by that assumption, the strength would need to double every 18 months to math the increase in processing power. So in 30 years, the estimate is that the key would need an additional 20 bits of length be be equally strong.
However, be estimates from some research suggest that either we will still be using AES 192 or 256 for symmetrical key ciphers without any worries of brute force breaking or that the key length of today’s ciphers won’t be applicable or comparable because quantum computing will have rendered them all obsolete.
Hey Dave,
I like that you brought up Moore’s law. It is fascinating how fast technology is progressing. A bit Ironic that we’re able to keep making these super-fast processors in crazy small sizes but our graphics cards are almost the width of full-size towers.
It will be about 130 bits in length. Every year, a new piece must be added. After 30 years, even a single bit added to a symmetric key makes it hard to crack because it will force the hacker to overburden his processor in a highly exhausting manner.