Re: Question about bit strength
- From: "giorgio.tani" <giorgio.tani@xxxxxxxx>
- Date: 13 Sep 2006 05:49:21 -0700
Hi, I hope to be costructive and to not repeat too much things posted
by other people:
First: strength
Make good guesses about strength of an encryption soultion is not very
easy.
The algorithms used to derive the key and for actual encryption process
have to be formally and practically analysed to try to understand what
characteristics are to be expected or, better, can be proven.
If an attack exist that can lead to expose the secret factor (the key)
or recover all the encrypted data in given steps, the strength of the
algorithm is at most equal to the number of steps needed to break it;
however it can exist partial breaks that expose part of the content, or
works under some circumstances (weak keys, known plaintext, encryption
of multiple plaintexts with the same key, issues for amount of data to
encrypt due to the block size etc), that can reduce even further an
effort of compromise the security of data encrypted with this
algorithm, a much more strict quantification of strength should take in
account also those events.
As you correctly guessed in another post, it's rather pointless
dicussing on algorithms without having the real thing to analyse, so
what is usaully needed is a) the algorithm itself b) a working
implementation available under a license that reasonably allow people
to study it c) creating a momentum of interest for drive actually
qualified people to study it, that is not easy (prizes are not usually
a silver bullet to get people involved)
This is however not an easy process, i.e. AES contest involved a lot of
highly qualified man power (and computing power) to analyse the
algorithms submitted, moreover the process is not likely going to
terminate somewhere in the near future, you shold reasonably expect
anytime anyone come out with a new idea that make the algorithm
requires new tests (also if none of the proven properties is
falsified).
That's why most people desire standards: to stick with things that
undergone to the whidest possible amount of analysis.
Second: key
There is also another limiting factor to the strength of the
encryption: the attacker may try all the keys, that is a brute force
attack.
If we chose a bigger keyspace, we don't authomatically make the system
stronger, since if we allow 2^n keys but the encryption due to
algorithm's weakness can be broken in 2^m steps, with m<n, the overall
strength will be m.
Moreover, we need a secure algorithm to derive the n bit key from the
secret shared between sender and receiver (a password, a key file, a
challange-response event etc).
If we prove that the encryption algorithm cannot be broken in less than
2^n steps and that the key derivation can efficiently use the 2^n
keyspace, then we can prove that the system will have n bit strength
(if we cannot prove it, but also cannot break it, we can even say that
no attack is known for the algorithm in a n bit keyspace).
Third: speed
The speed you provided should be contextualised, I mean, it would be
useful to know that on a sistem with given specs your implementation
encrypt x bit of data in y seconds while another product uses z
seconds.
You should also specify if it is aimed to be a practical benchmark (so,
opening files, reading/writing to disk, testing for I/O errors) or a
benchmark between reference implementations, that usually keep data in
memory to avoid disk bottleneck and usually performs minimal checking.
.
- Follow-Ups:
- Re: Question about bit strength
- From: Antony Clements
- Re: Question about bit strength
- References:
- Question about bit strength
- From: Antony Clements
- Question about bit strength
- Prev by Date: Re: Core2 benchmark results
- Next by Date: Re: Question about bit strength
- Previous by thread: Re: Question about bit strength
- Next by thread: Re: Question about bit strength
- Index(es):
Relevant Pages
|
