The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.) Explain.

## Reader Interactions

### Comments

### Leave a Reply

You must be logged in to post a comment.

Samuel Omotosho says

It will have a length of 130 bits in 30 years. It will add a new piece each year. Even a single extra bit added to a symmetric key 30 years later makes it difficult to break since it overburdens the hacker’s processor in a very taxing way. Symmetric session keys are encryption and decryption keys that are produced at random to protect a user’s or a computer’s communications with another user or computer. Since the same key is used for both encryption and decryption, session keys are frequently referred to as symmetric keys. It would take 30 years to reach 130 bits in length for a symmetric session key, as the overall processing speed of microprocessors doubles nearly every year. Intriguingly, there are 340,282,366,920,938,463,463,374,607,431,768,211,456 possible encryption codes with a 128-bit key. It would take a long time to crack a 128-bit key using a ‘brute force’ assault, in which the attacker attempts every conceivable key until they succeed. It is possible to encrypt and decrypt data with a single key via symmetric encryption, also known as pre-shared key encryption. Having the same key for both the sender and the receiver is essential for effective communication. With a symmetric session key, the encryptor might choose a key that is identical to the decryption key. You mentioned brute force in one of your comments, and it turns out that the form of encryption technique utilized is weak and can be attacked by brute force. This can happen through the use of a dictionary list or the generation of random character values that are evaluated against the data provided. Keeping this in mind, I can see how having a larger key size is preferable, since it is more difficult to crack. A symmetric key can be made sufficiently secure by adding just one bit to its length in a year, as doing so doubles the effective search time. The amount of possible permutations is simply too large for the CPU to solve, even at twice the speed. When considering both clock speed and the number of circuits, the processing power of microprocessors doubles nearly every year. An example of symmetry today

Kenneth Saltisky says

Hi Samuel,

I like your in-depth explanation of why even increasing by one bit will make it significantly more difficult for hackers to brute-force a session key since it extends the number of possible codes by a significant amount.

Shepherd Shenjere says

Hello Samuel,

I enjoyed reading your well detailed explanation to this particular question. It is always a good idea to harden our defense mechanism to ensure that the cybercriminals won’t break into our systems and steal our data. CIA is very crucial to our assets.

Jill Brummer says

I agree with your explanation. Your thought process was very detailed and in-depth. You covered many great, additional points including overburdening a hacker’s processor, the calculation of the possible encryption codes with 128 bits, and brute force.

Abayomi Aiyedebinu says

I agree with you because more processing power and memory are required for longer symmetric keys. It makes sense for a system to have a minimum key length.

Nicholas Foster says

If computing power doubles each year, a symmetric encryption key would need to be 130 bits. Per the question 100 bits today is considered strong. If it is to remain strong in 30 years with processing power (quantum computing) ever evolving, it is imperative that encryption stays ahead of tools that would easily crack them. Therefore 130 bits would be needed as every year would add 1 additional bit.

Matthew Stasiak says

In 30 years a key would be considered strong if it has 130 bits – one extra bit for each year – because of the fact that the speed of microprocessors doubles every year.

Kenneth Saltisky says

It would need to be 130 bits long to be considered strong. If the key length is increasing by a single bit every year and the end result is after 30 years, then it would require 130 bits to be considered strong in 30 years.

Maxwell ODonnell says

To be considered strong in 30 years the symmetric encryption key would need to be at least 130 bits long. This is because, at the current trajectory of processor innovation, we need an additional bit every year to compensate. Currently, 100 bits is considered strong, so in 30 years we’ll need an additional 30 bits resulting in a 130-bit long key.

Matthew Stasiak says

Hey Max. I agree that more processing power = more likelihood of a crack which leads to the inevitable increase in bit key length.

Shepherd Shenjere says

A symmetric session also known as pre-shared key encryption utilizes a single key to both encrypt and decrypt data. In a situation whereby the total processing speed of microprocessors is doubling roughly every year and currently at 100 bits. After 30 years it will be 130 bits considering that 1 bit is added every year which makes it even harder to crack.

Jill Brummer says

Today 100 bits is considered strong. In 30 years, the symmetric session key would have to be 130 bits to be considered strong. Each year the decryption doubles when the key length is increased by a single bit, which would be 130 bits in 30 years.

David Vanaman says

One of the interesting parts of binary math is that every time you add a bit to a binary number, it doubles. a 128 bit key is 2^128. a 129 bit key would be 2^129 or (2^128)*2.

If we start by acknowledging that Moore’s law is a loose estimate, not a hard formula and key lengths tend to be increased in discrete blocks of bytes (128, 192, and 256), not by one bit at a time, but for the sake of simplicity we just look at Moore’s law at speed x2 and bits as individual bits. Then we can start with the baseline that 128 bit key is good enough today (NIST would seem to agree, 128bit keys are their general recommendation), So by that assumption, the strength would need to double every 18 months to math the increase in processing power. So in 30 years, the estimate is that the key would need an additional 20 bits of length be be equally strong.

However, be estimates from some research suggest that either we will still be using AES 192 or 256 for symmetrical key ciphers without any worries of brute force breaking or that the key length of today’s ciphers won’t be applicable or comparable because quantum computing will have rendered them all obsolete.

Nicholas Foster says

Hey Dave,

I like that you brought up Moore’s law. It is fascinating how fast technology is progressing. A bit Ironic that we’re able to keep making these super-fast processors in crazy small sizes but our graphics cards are almost the width of full-size towers.

Abayomi Aiyedebinu says

It will be about 130 bits in length. Every year, a new piece must be added. After 30 years, even a single bit added to a symmetric key makes it hard to crack because it will force the hacker to overburden his processor in a highly exhausting manner.