To read all comments associated with this story, please click here.

unclefester,

Late reply, sorry but I've been away.

A lot of posts seem to assume that a brute force approach can only attack a single key at a time. But as far as we know there may be ways of combining the effort to simultaneously brute force many AES keys with no/little extra cost.

As a simple example: finding prime numbers individually is (relatively) slow, but there are practical sieve algorithms which can test many thousands of candidates in one swoop.

Therefor the underlying assumption in the following quote (for example) may be false.

"If the effort to crack the encryption exceeds the potential value of the data then it is automatically secure. This is regardless of the actual strength of the algorithm. The CIA isn't going to spend 20 years and billions of dollars to see if there is some porn hidden on John Does's laptop."

Continuing with the fictitious numbers above, and assuming that all AES keys can be broken in parallel, then the CIA may very well find it worthwhile to spend billions of dollars (just a dent in military spending anyways) to reverse all keys of interest.

I'm not trying to make any assertions here that AES cracking is feasible, but we shouldn't assume that cracking K keys takes K times more resources than cracking a single key.

Member since:

2007-01-13

There is theoretical encryption and practical encryption. In reality good enough is more than adequate.

a) No one will even attempt to crack even basic encryption unless there is a relatively big incentive for doing so eg solve a major crime or obtain important military secrets.

b) Most encrypted data is only useful for a short period. This may be a few days for a terrorist bomb plot or a few years for top secret aircraft design. Virtually no secret is likely to be worth anything in 100 years.

If the effort to crack the encryption exceeds the potential value of the data then it is automatically secure. This is regardless of the actual strength of the algorithm. The CIA isn't going to spend 20 years and billions of dollars to see if there is some porn hidden on John Does's laptop.