Forum: Poser - OFFICIAL


Subject: Make this service available and get rich!

keyze opened this issue on Dec 03, 2011 · 97 posts


bagginsbill posted Mon, 05 December 2011 at 7:54 PM

shvrdavid,

I don't mean to offend, but you are not relaying facts with any accuracy. They did not break 512 bit and 660 bit RSA encryption. What they did was factor a 512 bit integer. Not at all the same thing.

Public key encryption incorporates two numbers that are related according to the factors of a very large number. This is not at all the same as the factors themselves being guessed.

While it is possible to factor a 512 bit number in a reasonable amount of time, it is not at all possible to guess a 256 bit random number in the same amount of time. It is these 256 bit random numbers that are used for AES 256 session keys, and other similar symmetric crypto systems.

256-bit fails when the pattern is not random, but is produced as a function of a simple password - often a stupid simple word out of the dictionary. In such cases, one does not have to guess the full 256-bit number. One only has to guess the word used to generate it, and to know the algorithm to convert the word to the 256-bit number. Failure to recognize this form of vulnerability is the primary factor in permitting dictionary attacks on 256-bit encryption in something less than the age of the universe. You're no longer encoding any value from all possible 256-bit values. Instead, it's only about 20 bits. Even if you use a phrase of two or three words, you're still less than 50 bits.

Hybrid crypto systems combine the public key with the symmetric key systems. Also, I can easily cascade several layers of these together, creating the equivalent of 1024 bit keys. Even if we double computing speeds, and double the number of computers, for 1000 years, you will not be able to crack these.

Really - I can't go explain the whole theory of cryptography, in order to get you to believe that you're not explaining anything correctly. But that's what it would take. 

Seriously, I have been hired by a very respectable and well-known company in the encryption space, a company that protects the financial data of the majority of banks in America. I can assure you that you cannot crypto-analyze their data in anything less than the remaining age of the universe. They do not need me to design crypto for them - they need me to make it easy to use and to make it transparent so ordinary humans can use it well.

Yes, there are individual incidents involving the crypto equivalent of "morons" who associate their keys with easily guessed passwords. These examples are in no way representative of the state of the art. I assure you, that if you "do the math", you will find that even if you have 1 trillion computers, each with 3,200,000 GPU elements, you still could not break the 256 bit encryption before you are dead.

Also, I cannot explain more about the product I'm working on, but it is groundbreaking and really does work to bring solid encryption to the masses. The government will not be able to read your stuff with a subpoena to Amazon after I'm done.


Renderosity forum reply notifications are wonky. If I read a follow-up in a thread, but I don't myself reply, then notifications no longer happen AT ALL on that thread. So if I seem to be ignoring a question, that's why. (Updated September 23, 2019)
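
The "do the math" comparison from the post above, as an added example that is not part of the original post: it puts the keyspace of a random 256-bit key next to that of a key derived from a dictionary word, and shows a salted, iterated derivation beside the weak one. The wordlist is constructed, the 1e9 guesses per second per GPU element is an assumption, and all function names are hypothetical.

```python
import hashlib
import hmac
import math
import secrets

# Constructed sample wordlist; a real dictionary of ~1,000,000 words is about 20 bits.
WORDLIST = ["apple", "dragon", "letmein", "monkey", "poser", "render", "shadow", "sunshine"]
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def effective_bits(dictionary_size, words=1):
    """Entropy of a passphrase of `words` words drawn uniformly from the dictionary."""
    return words * math.log2(dictionary_size)

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate in a 2**bits keyspace."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR

def weak_key(password):
    """Weak pattern: the 256-bit key is a fast, unsalted function of the password."""
    return hashlib.sha256(password.encode()).digest()

def hardened_key(password, salt, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256: every guess costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def random_key():
    """A key drawn from all 2**256 values, independent of any password."""
    return secrets.token_bytes(32)

def derivable_from_wordlist(key, wordlist=WORDLIST):
    """Audit check: does this key equal weak_key(word) for any listed word?"""
    return any(hmac.compare_digest(weak_key(w), key) for w in wordlist)

if __name__ == "__main__":
    # The post's hypothetical fleet; 1e9 guesses/s per GPU element is an assumption.
    fleet_rate = 1e12 * 3_200_000 * 1e9
    print(f"256-bit random key: {years_to_exhaust(256, fleet_rate):.2e} years")
    one_word_s = years_to_exhaust(20, 1e9) * SECONDS_PER_YEAR
    print(f"one word (~20 bits): {one_word_s:.4f} s on one element")
    print(f"three words from a 65,536-word list: {effective_bits(65536, 3):.0f} bits")
    print("dictionary-derived key flagged:", derivable_from_wordlist(weak_key("dragon")))
    print("random key flagged:", derivable_from_wordlist(random_key()))
```

The salted, iterated derivation does not add entropy to a weak password; it only multiplies the cost of each guess, so a randomly generated key remains the stronger choice.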