definition of Wikipedia
Advertizing ▼
In cryptography, key size or key length is the size measured in bits^{[1]} of the key used in a cryptographic algorithm (such as a cipher). An algorithm's key length is distinct from its cryptographic security, which is a logarithmic measure of the fastest known computational attack on the algorithm, also measured in bits. The security of an algorithm cannot exceed its key length (since any algorithm can be cracked by brute force), but it can be smaller. For example, Triple DES has a key size of 168 bits but provides at most 112 bits of security, since an attack of complexity 2^{112} is known. This property of Triple DES is not a weakness provided 112 bits of security is sufficient for an application. Most symmetrickey algorithms in common use are designed to have security equal to their key length. No asymmetrickey algorithms with this property are known; elliptic curve cryptography comes the closest with an effective security of roughly half its key length.
Contents 
Keys are used to control the operation of a cipher so that only the correct key can convert encrypted text (ciphertext) to plaintext. Many ciphers are based on publicly known algorithms or are open source, and so it is only the difficulty of obtaining the key that determines security of the system, provided that there is no analytic attack (i.e., a 'structural weakness' in the algorithms or protocols used), and assuming that the key is not otherwise available (such as via theft, extortion, or compromise of computer systems). The widely accepted notion that the security of the system should depend on the key alone has been explicitly formulated by Auguste Kerckhoffs (in the 1880s) and Claude Shannon (in the 1940s); the statements are known as Kerckhoffs' principle and Shannon's Maxim respectively.
A key should therefore be large enough that a brute force attack (possible against any encryption algorithm) is infeasible – i.e., would take too long to execute. Shannon's work on information theory showed that to achieve so called perfect secrecy, it is necessary for the key length to be at least as large as the message to be transmitted and only used once (this algorithm is called the Onetime pad). In light of this, and the practical difficulty of managing such long keys, modern cryptographic practice has discarded the notion of perfect secrecy as a requirement for encryption, and instead focuses on computational security, under which the computational requirements of breaking an encrypted text must be infeasible for an attacker.
The preferred numbers commonly used as key sizes (in bits) are powers of two, potentially multiplied with a small odd integer.
Encryption systems are often grouped into families. Common families include symmetric systems (e.g. AES) and asymmetric systems (e.g. RSA); they may alternatively be grouped according to the central algorithm used (e.g. elliptic curve cryptography).
As each of these is of a different level of cryptographic complexity, it is usual to have different key sizes for the same level of security, depending upon the algorithm used. For example, the security available with a 1024bit key using asymmetric RSA is considered approximately equal in security to an 80bit key in a symmetric algorithm (Source: RSA Security).
The actual degree of security achieved over time varies, as more computational power and more powerful mathematical analytic methods become available. For this reason cryptologists tend to look at indicators that an algorithm or key length shows signs of potential vulnerability, to move to longer key sizes or more difficult algorithms. For example as of May 2007^{[update]}, a 1039 bit integer was factored with the special number field sieve using 400 computers over 11 months.^{[2]} The factored number was of a special form; the special number field sieve cannot be used on RSA keys. The computation is roughly equivalent to breaking a 700 bit RSA key. However, this might be an advanced warning that 1024 bit RSA used in secure online commerce should be deprecated, since they may become breakable in the near future. Cryptography professor Arjen Lenstra observed that "Last time, it took nine years for us to generalize from a special to a nonspecial, hardtofactor number" and when asked whether 1024bit RSA keys are dead, said: "The answer to that question is an unqualified yes."^{[3]}
Even if a symmetric cipher is currently unbreakable by exploiting structural weaknesses in its algorithm, it is possible to run through the entire space of keys in what is known as a brute force attack. Since longer symmetric keys require exponentially more work to brute force search, a sufficiently long symmetric key makes this line of attack impractical.
With a key of length n bits, there are 2^{n} possible keys. This number grows very rapidly as n increases. Moore's law suggests that computing power doubles roughly every 18 to 24 months, but even this doubling effect leaves the larger symmetric key lengths currently considered acceptable well out of reach. The large number of operations (2^{128}) required to try all possible 128bit keys is widely considered to be out of reach for conventional digital computing techniques for the foreseeable future. However, alternative forms of computing technology are anticipated which may have superior processing power than classical computers. If a suitably sized quantum computer capable of running Grover's algorithm reliably becomes available, it would reduce a 128bit key down to 64bit security, roughly a DES equivalent. This is one of the reasons why AES supports a 256bit key length. See the discussion on the relationship between key lengths and quantum computing attacks at the bottom of this page for more information.
US Government export policy has long restricted the 'strength' of cryptography which can be sent out of the country. For many years the limit was 40 bits. Today, a key length of 40 bits offers little protection against even a casual attacker with a single PC, a predictable and inevitable consequence of governmental restrictions limiting key length. In response, by the year 2000, most of the major US restrictions on the use of strong encryption were relaxed.^{[4]} However, not all regulations have been removed, and encryption registration with the U.S. Bureau of Industry and Security is still required to export "mass market encryption commodities, software and components with encryption exceeding 64 bits" (75 F.R. 36494).
When the Data Encryption Standard cipher was released in 1977, a key length of 56 bits was thought to be sufficient. There was speculation at the time, however, that the NSA has deliberately reduced the key size from the original value of 112 bits (in IBM's Lucifer cipher) or 64 bits (in one of the versions of what was adopted as DES) so as to limit the strength of encryption available to nonUS users. The NSA has major computing resources and a large budget; some thought that 56 bits was NSAbreakable in the late '70s. However, by the late 90s, it became clear that DES could be cracked in a few days' timeframe with custombuilt hardware such as could be purchased by a large corporation.^{[5]} The book Cracking DES (O'Reilly and Associates) tells of the successful attempt to break 56bit DES by a brute force attack mounted by a cyber civil rights group with limited resources; see EFF DES cracker. 56 bits is now considered insufficient length for symmetric algorithm keys, and may have been for some time. More technically and financially capable organizations were surely able to do the same long before the effort described in the book. Distributed.net and its volunteers broke a 64bit RC5 key in several years, using about seventy thousand (mostly home) computers.
The NSA's Skipjack algorithm used in its Fortezza program employs 80 bit keys.
DES has been replaced in many applications by Triple DES, which has 112 bits of security with 168bit keys.
The Advanced Encryption Standard published in 2001 uses a key size of (at minimum) 128 bits. It also can use keys up to 256 bits (a specification requirement for submissions to the AES contest). 128 bits is currently thought, by many observers, to be sufficient for the foreseeable future for symmetric algorithms of AES's quality. The U.S. Government requires 192 or 256bit AES keys for highly sensitive data.
In 2003 the U.S. National Institute for Standards and Technology, NIST, proposed that 80bit keys should be phased out by 2015. As of 2005, 80bit keys were allowed to be used only until 2010.
The effectiveness of public key cryptosystems depends on the intractability (computational and theoretical) of certain mathematical problems such as integer factorization. These problems are time consuming to solve, but usually faster than trying all possible keys by brute force. Thus, asymmetric algorithm keys must be longer for equivalent resistance to attack than symmetric algorithm keys. As of 2002, a key length of 1024 bits was generally considered the minimum necessary for the RSA encryption algorithm.
As of 2003^{[update]} RSA Security claims that 1024bit RSA keys are equivalent in strength to 80bit symmetric keys, 2048bit RSA keys to 112bit symmetric keys and 3072bit RSA keys to 128bit symmetric keys. RSA claims that 1024bit keys are likely to become crackable some time between 2006 and 2010 and that 2048bit keys are sufficient until 2030. An RSA key length of 3072 bits should be used if security is required beyond 2030.^{[6]} NIST key management guidelines further suggest that 15360bit RSA keys are equivalent in strength to 256bit symmetric keys.^{[7]}
The Finite Field DiffieHellman algorithm has roughly the same key strength as RSA for the same key sizes. The work factor for breaking DiffieHellman is based on the discrete logarithm problem, which is related to the integer factorization problem on which RSA's strength is based. Thus, a 3072bit DiffieHellman key has about the same strength as a 3072bit RSA key.
One of the asymmetric algorithm types, elliptic curve cryptography, or ECC, appears to be secure with shorter keys than those needed by other asymmetric key algorithms. NIST guidelines state that ECC keys should be twice the length of equivalent strength symmetric key algorithms. So, for example, a 224bit ECC key would have roughly the same strength as a 112bit symmetric key. These estimates assume no major breakthroughs in solving the underlying mathematical problems that ECC is based on. A message encrypted with an elliptic key algorithm using a 109bit long key has been broken by brute force.^{[8]}
The NSA specifies that "Elliptic Curve Public Key Cryptography using the 256bit prime modulus elliptic curve as specified in FIPS1862 and SHA256 are appropriate for protecting classified information up to the SECRET level. Use of the 384bit prime modulus elliptic curve and SHA384 are necessary for the protection of TOP SECRET information."^{[9]}
This unreferenced section requires citations to ensure verifiability. 
The two best known quantum computing attacks are based on Shor's algorithm and Grover's algorithm. Of the two, Shor's offers the greater risk to current security systems.
Derivatives of Shor's algorithm are widely conjectured to be effective against all mainstream publickey algorithms including RSA, DiffieHellman and elliptic curve cryptography. According to Professor Gilles Brassard, an expert in quantum computing: "The time needed to factor an RSA integer is the same order as the time needed to use that same integer as modulus for a single RSA encryption. In other words, it takes no more time to break RSA on a quantum computer (up to a multiplicative constant) than to use it legitimately on a classical computer." The general consensus is that these public key algorithms are insecure at any key size if sufficiently large quantum computers capable of running Shor's algorithm become available. The implication of this attack is that all data encrypted using current standards based security systems such as the ubiquitous SSL used to protect ecommerce and Internet banking and SSH used to protect access to sensitive computing systems is at risk. Encrypted data protected using publickey algorithms can be archived and may be broken at a later time.
Mainstream symmetric ciphers (such as AES or Twofish) and collision resistant hash functions (such as SHA) are widely conjectured to offer greater security against known quantum computing attacks. They are widely conjectured to be most vulnerable to Grover's algorithm. Bennett, Bernstein, Brassard, and Vazirani proved in 1996 that a bruteforce key search on a quantum computer cannot be faster than roughly 2^{n/2} invocations of the underlying cryptographic algorithm, compared with roughly 2^{n} in the classical case.^{[10]} Thus in the presence of large quantum computers an nbit key can provide at least n/2 bits of security. Quantum brute force is easily defeated by doubling the key length, which has little extra computational cost in ordinary use. This implies that at least a 160bit symmetric key is required to achieve 80bit security rating against a quantum computer.

sensagent's content
Dictionary and translator for handheld
New : sensagent is now available on your handheld
Advertising ▼
Webmaster Solution
Alexandria
A windows (popinto) of information (fullcontent of Sensagent) triggered by doubleclicking any word on your webpage. Give contextual explanation and translation from your sites !
SensagentBox
With a SensagentBox, visitors to your site can access reliable information on over 5 million pages provided by Sensagent.com. Choose the design that fits your site.
Business solution
Improve your site content
Add new content to your site from Sensagent by XML.
Crawl products or adds
Get XML access to reach the best products.
Index images and define metadata
Get XML access to fix the meaning of your metadata.
Please, email us to describe your idea.
Lettris
Lettris is a curious tetrisclone game where all the bricks have the same square shape but different content. Each square carries a letter. To make squares disappear and save space for other squares you have to assemble English words (left, right, up, down) from the falling squares.
boggle
Boggle gives you 3 minutes to find as many words (3 letters or more) as you can in a grid of 16 letters. You can also try the grid of 16 letters. Letters must be adjacent and longer words score better. See if you can get into the grid Hall of Fame !
English dictionary
Main references
Most English definitions are provided by WordNet .
English thesaurus is mainly derived from The Integral Dictionary (TID).
English Encyclopedia is licensed by Wikipedia (GNU).
Copyrights
The wordgames anagrams, crossword, Lettris and Boggle are provided by Memodata.
The web service Alexandria is granted from Memodata for the Ebay search.
The SensagentBox are offered by sensAgent.
Translation
Change the target language to find translations.
Tips: browse the semantic fields (see From ideas to words) in two languages to learn more.
last searches on the dictionary :
computed in 0.031s