
Using this Excel table, I would like to demonstrate how hard it is to find ('crack') a cryptographic key of a certain length by brute-force search. You can set the length of the key you would like to attack, how many computational units (processors) you have, and how many keys each can try per second. The table then gives the number of years it would take to crack the key.

brute_force.xlsx

(The first tab of the table is in Hungarian; click the second tab for English.)

The table uses very simple calculations and gives only a rough estimate, not an exact value. Actually, there would be no point in providing an exact result, as both the number and the speed of our units would change in an attack lasting so many years (let alone other major circumstances).

The table is supposed to demonstrate that if we choose a keysize which is considered secure today, then it does not matter at all how many and how fast units you use for the attacks; they are all hopeless as long as you give even remotely realistic numbers.

Naturally, this only works if a brute force attack is the best you can do against a crypto algorithm. For AES you should use the actual keysize, but e.g. for 3DES there are more efficient attacks than brute force. (Finding a 168-bit-long 3DES key is as hard as brute forcing a 112-bit-long key, and finding a 112-bit-long 3DES key is as hard as brute forcing an 80-bit-long key. The latter is not that hard anymore. See Wikipedia and NIST SP 800-57 for details.) For RSA, there are far more efficient attacks than brute force; the security of a 2048-bit-long RSA key corresponds to a 128-bit-long AES key, according to certain estimates. See keylength.com for details.
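The same estimate written out in Python, as an added example (not the spreadsheet's own formula, which is not shown on this page). It assumes a full sweep of the keyspace and a 365.25-day year, maps 3DES and RSA keys to the brute-force-equivalent strengths quoted in the paragraph above, and uses constructed hardware figures.

```python
from fractions import Fraction

SECONDS_PER_YEAR = 31_557_600  # assumption: 365.25-day year

# Brute-force-equivalent strengths, exactly as quoted in the text above.
EFFECTIVE_BITS = {
    ("3DES", 168): 112,
    ("3DES", 112): 80,
    ("RSA", 2048): 128,
}

def effective_bits(algorithm, key_bits):
    """Return the key length a brute-force search would effectively face."""
    if algorithm == "AES":
        return key_bits  # for AES the actual key size is used
    try:
        return EFFECTIVE_BITS[(algorithm, key_bits)]
    except KeyError:
        raise ValueError(f"no estimate quoted for {algorithm}-{key_bits}") from None

def years_to_exhaust(bits, units, keys_per_second):
    """Years to try all 2**bits keys; the expected time to a hit is half of this."""
    if bits < 0 or units <= 0 or keys_per_second <= 0:
        raise ValueError("bits must be >= 0, units and keys_per_second > 0")
    # Exact rational arithmetic: 2**256 is far beyond 64-bit integer range.
    return Fraction(2 ** bits, units * keys_per_second * SECONDS_PER_YEAR)

def report(cases, units, keys_per_second):
    """Return (algorithm, key_bits, effective_bits, years) for each case."""
    rows = []
    for algorithm, key_bits in cases:
        bits = effective_bits(algorithm, key_bits)
        years = years_to_exhaust(bits, units, keys_per_second)
        rows.append((algorithm, key_bits, bits, float(years)))
    return rows

if __name__ == "__main__":
    # Constructed, deliberately generous attacker: 10**9 units, 10**12 keys/s each.
    cases = [("3DES", 112), ("3DES", 168), ("AES", 128), ("RSA", 2048), ("AES", 256)]
    for alg, key_bits, bits, years in report(cases, 10**9, 10**12):
        print(f"{alg:>4}-{key_bits:<4} ~{bits:>3} bits  {years:.3e} years")
```

With these constructed figures the 80-bit-equivalent case finishes in well under a year, while every case of 112 bits and above stays far out of reach.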

This is my personal website, opinions expressed here are strictly my own, and do not reflect the opinion of my employer. My English blog is experimental and only a small portion of my Hungarian blog is available in English. Contents of my blog may be freely used according to Creative Commons license CC BY.