Resist Brute Force Attacks

Length of Encryption Keys:

A little trip down memory lane: In a meeting at the National Security Agency headquarters in November 2004, NIST representative Bill Burr told me that chances of finding an advocate of short (forty bit) keys in the Administration was about the same as finding Nazis in Germany in 1947. That's an oblique way of saying nobody will admit to it. But very short encryption keys were the order of the day for many years.

 

What's that all about? It's that longer encryption keys make it more difficult for hackers to try every possible key in what is called a brute force attack. The current status: The Bureau of Industry and Security through its Export Administration Regulations still controls the export of symmetric keys that are longer than 64 bits. (Symmetric means that the person encrypting and the person decrypting both need to use the same key.)

 

What is the Bureau of Industry and Security telling us? That the easiest way to defeat brute force attacks is to use longer keys.

 

Okay, our Extreme Encryption technology uses much longer keys. Extreme Encryption is not for export. You will see that under the Social Responsibility goal that Extreme Encryption is not for sale to anyone other than the United States government and organizations either sponsored by a government agency or contractually serving government needs. The purpose is simple: to keep state-sponsored hackers in China from stealing our technology and government secrets. Like it or not, we are engaged in cyber-warfare.

Count of Encryption Keys:

In its current release, Extreme Encryption has over 10 to the power 623 (10623) unique keys. Suppose one billion computers each tried one billion unique keys per second. That's equivalent to 3.1 times 10 to the power 25 (1025) keys per year. It would take those superspeed computers about 10598 years to crack one encrypted file or message. Put that in perspective: a typical lifespan of a hacker is less than 102 years, and the lifespan of the universe is approximately 1.38 times 1010 years.

 

In summary: Brute force attack on Extreme Encryption? Forget about it. It is "computationally infeasible".

"Good Enough" Encryption:

Cyberian™ and Cyberian™ Tiger are scaled down versions of Extreme Encryption.

 

Cyberian™ has only ten million unique keys -- the numbers 0000000 through 9999999. Cyberian™ Tiger has many more unique keys, 78.3 billion altogether. Both products are vulnerable to brute force attacks. The question is how much is your information (files or messages) worth to a person who might be interested? You can be pretty sure that app developers aren't going to try up to ten million keys in order to read just one of your emails. See Tech’s 'Dirty Secret': The App Developers Sifting Through Your Gmail by Douglas MacMillan in the Wall Street Journal, July 2, 2018. If the data is your firm's strategic plans for the next five years, no competitor will have the resources or the willingness to try up to 78 billion keys.

 

In other words, we have presented products that are scaled to the likelihood of someone valuing your information highly enough to spend heavily enough to decrypt it -- especially if you use a different key for each file and message. Your data may be interesting. But it's surely not that interesting!

Cyberian Tiger