One of the problems with discussing encryption technology is the relative usefulness of terms- the distinction in the literature between 'strong' and 'weak' encryption is an example. Experts frequently debate in terms of 1024-bit, 2048-bit & 4096-bit key-lengths (vs. 56-bit DES today) - although here the assumption is that if a user wants material to be protected now, they will presumably want it protected tomorrow, and twenty years from now. Given the accelerated increase of availability of computer processing power therefore (the argument goes) one must guard not against computers based upon present capabilities, but those of computers for as long as the user wants the material to remain safeguarded. In 1997, Ian Goldberg, a University of Waterloo graduate, while studying at Berkeley, took up a challenge from RSA Data Security (who provide the security software 'engines' for Novell Networked Systems) to take apart their 128-bit protective key. Goldberg got access to Berkeley's considerable networked computing power for a night and 'brute-force' attacked the RSA code. With 250 computers it took just under four hours.
"It is almost universally recognized that 40-bit keys provide virtually no protection against threats today, except against the most casual 'attacker'. Even 56-bit keys, which are used in the 20-year-old
Data Encryption Standard, are too short to protect commercial
information given a modestly well-funded attack model. Both the Business Software Alliance and the
National Research Council study group have noted the vulnerability of these short keys." -
Matt Blaze,
Cryptography Policy and the
Information Economy,
AT&T Labs Research, Dec. 27, 1996 -
Electronic Freedom Foundation archive : http://www.eff.org