The clock is ticking for encryption

In the indictment that led to the expulsion of 10 Russian spies from the U.S. last summer, the FBI said that it had gained access to their encrypted communications after surreptitiously entering one of the spies' homes, where agents found a piece of paper with a 27-character password.

In essence, the FBI found it more productive to burglarize a house than to crack a 216-bit code, despite having the computational resources of the U.S. government behind it. That's because modern cryptography, when used correctly, is very strong. Cracking an encrypted message can take an incredibly long time.

The Scale of the Encryption-Cracking Challenge

Today's encryption algorithms can be broken. Their security derives from the wildly impractical lengths of time it can take to do so.

Let's say you're using a 128-bit AES cipher. The number of possible keys with 128 bits is 2 raised to the power of 128, or 3.4 x 10^38, or 340 undecillion. Assuming no information on the nature of the key is available (such as the fact that the owner likes to use his or her children's birthdays), a code-breaking attempt would require testing each possible key until one was found that worked.

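Assuming that enough computing power was amassed to test 1 trillion keys per second, testing all possible keys would take 10.79 quintillion years. That is about 785 million times the age of the visible universe (13.75 billion years). On the other hand, you might get lucky in the first 10 minutes.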

But using quantum technology with the same throughput, exhausting the possibilities of a 128-bit AES key would take about six months. If a quantum system had to crack a 256-bit key, it would take about as much time as a conventional computer needs to crack a 128-bit key.

A quantum computer could crack encryption that uses RSA or EC algorithms almost immediately.

-- Lamont Wood

"The entire commercial world runs off the assumption that encryption is rock-solid and is not breakable," says Joe Moorcones, a vice president at SafeNet, an information security vendor in Belcamp, Md.

That's the case today. But within the foreseeable future, cracking those same codes could become trivial, thanks to quantum computing.

Before learning about the threat of quantum computing, it helps to understand the current state of encryption. There are two kinds of encryption algorithms used in enterprise-level communications security: symmetric and asymmetric, Moorcones explains. Symmetric algorithms are typically used to send the actual information, whereas asymmetric algorithms are used to send both the information and the keys.

Symmetric encryption requires that the sender and receiver both use the same algorithm and the same encryption key. Decryption is simply the reverse of the encryption process -- hence the "symmetric" label.

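There are numerous symmetric algorithms, but most enterprises use the Advanced Encryption Standard (AES), published in 2001 by the National Institute of Standards and Technology after five years of testing. It replaced the Data Encryption Standard (DES), which debuted in 1976 and uses a 56-bit key.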

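AES, which typically uses keys that are either 128 or 256 bits long, has never been broken, while DES can now be broken in a matter of hours, Moorcones says. AES is approved for sensitive U.S. government information that is not classified, he adds.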

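As for classified information, the algorithms used to protect it are, of course, themselves classified. "They're more of the same -- they put in some bells and whistles to make them harder to crack," says IDC analyst Charles Kolodgy. And they use multiple algorithms, he says.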

The genuine weakness of AES -- and any symmetric system -- is that the sender has to get the key to the receiver. If that key is intercepted, transmissions become an open book. That's where asymmetric algorithms come in.

Moorcones explains that asymmetric systems are also called public-key cryptography because they use a public key for encryption -- but they use a different, private key for decryption. "You can post your public key in a directory with your name next to it, and I can use it to encrypt a message to you, but you are the only person with your private key, so you are the only person who can decrypt it."

The most common asymmetric algorithm is RSA (named for inventors Ron Rivest, Adi Shamir and Len Adleman). It is based on the difficulty of factoring large numbers, from which the two keys are derived.

But RSA messages with keys as long as 768 bits have been broken, says Paul Kocher, head of security firm Cryptography Research in San Francisco. "I would guess that in five years, even 1,024 bits will be broken," he says.

Moorcones adds, "You often see 2,048-bit RSA keys used to protect 256-bit AES keys."

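Besides creating longer RSA keys, users are also turning to elliptic curve (EC) algorithms, based on the math used to describe curves, with security again increasing with the size of the key. EC can offer the same security with one-fourth the computational complexity of RSA, Moorcones says. However, EC encryption up to 109 bits has been broken, Kocher notes.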

RSA remains popular with developers because implementation requires only multiplication routines, leading to simpler programming and higher throughput, Kocher says. Also, all the applicable patents have expired. For its part, EC is better when there are bandwidth or memory constraints, he adds.

The Quantum Leap

But this tidy world of cryptography may be seriously disrupted by the arrival of quantum computers.

"There has been tremendous progress in quantum computer technology during the last few years," says Michele Mosca, deputy director of the Institute for Quantum Computing at the University of Waterloo in Ontario. Mosca notes that in the past 15 years, we have moved from playing with quantum bits to building quantum logic gates. At that rate, he thinks it's likely we will have a quantum computer within 20 years.

"It's a game-changer," Mosca says, explaining that the change comes not from improvements in the computer's clock speed, but from an astronomical reduction in the number of steps needed to perform certain computations.

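Basically, Mosca explains, a quantum computer should be able to use the properties of quantum mechanics to probe for patterns within a huge number without having to examine every digit in that number. Cracking both RSA and EC ciphers involves that very task -- finding patterns in huge numbers.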

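Mosca explains that with a conventional computer, finding the pattern for an EC cipher with N bits in the key would take a number of steps equal to 2 raised to one-half N. As an example, for 100 bits (a modest number), it would take 2^50 (1.125 quadrillion) steps.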

With a quantum computer, it should take about 50 steps, he says, which means code-breaking would then be no more computationally demanding than the original encryption process.

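With RSA, determining the number of steps needed for a solution through conventional computation is more complicated than with EC encryption, but the scale of the reduction with quantum computation should be similar, Mosca says.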

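The situation is less dire with symmetric encryption, Mosca says. Breaking a symmetric code like AES is a matter of searching all possible key combinations for the one that works. With a 128-bit key, there are 2^128 possible combinations. But thanks to a quantum computer's ability to probe large numbers, only the square root of the number of combinations needs to be examined -- in this case, 2^64. This is still a huge number, and AES should remain secure with increased key sizes, Mosca says.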
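The arithmetic behind the sidebar's estimates and Mosca's step counts, as an added example that is not from the article. It assumes the sidebar's rate of 1 trillion keys per second for both classical and quantum search and a 365-day year; the function and model names are illustrative.

```python
from math import ceil, log2

SECONDS_PER_YEAR = 365 * 24 * 3600
RATE = 1e12              # keys tested per second (the sidebar's assumption)
UNIVERSE_AGE = 13.75e9   # years (the sidebar's figure)

def search_steps(key_bits, model):
    """Steps to exhaust the search under the models the article describes."""
    if model == "classical-symmetric":      # test every key: 2^n
        return 2.0 ** key_bits
    if model in ("quantum-symmetric",       # square root of the keyspace
                 "classical-ec"):           # Mosca's 2^(N/2) for EC keys
        return 2.0 ** (key_bits / 2)
    raise ValueError(f"unknown model: {model}")

def years_to_exhaust(key_bits, model, rate=RATE):
    return search_steps(key_bits, model) / rate / SECONDS_PER_YEAR

def min_symmetric_bits(target_years, quantum, rate=RATE):
    """Shortest symmetric key whose full search lasts at least target_years."""
    bits = log2(target_years * SECONDS_PER_YEAR * rate)
    return ceil(2 * bits) if quantum else ceil(bits)

if __name__ == "__main__":
    for bits in (56, 128, 256):
        c = years_to_exhaust(bits, "classical-symmetric")
        q = years_to_exhaust(bits, "quantum-symmetric")
        print(f"{bits:>3}-bit key: classical {c:.3g} y, quantum {q:.3g} y")
    ratio = years_to_exhaust(128, "classical-symmetric") / UNIVERSE_AGE
    print(f"128-bit classical search: {ratio:.3g} x the age of the universe")
    print("EC, 100-bit key:", f"{search_steps(100, 'classical-ec'):.4g} steps")
    print("20-year margin:", min_symmetric_bits(20, False), "bits classical,",
          min_symmetric_bits(20, True), "bits quantum")
```

The required key length doubles under the square-root model, which is why moving from 128-bit to 256-bit AES restores the classical margin.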

Timing Issues

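When will quantum computing threaten the status quo? "We don't know," says Mosca. To many people, 20 years seems a long way off, but in the world of cybersecurity, it's right around the corner. "Is that an acceptable risk? I don't think so. So we need to start figuring out what alternatives to deploy, since it takes many years to change the infrastructure," Mosca says.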

SafeNet's Moorcones disagrees. "DES lasted for 30 years, and AES is good for another 20 or 30 years," he says. Increases in computing power can be countered by changing keys more often -- with each new message, if necessary -- since many enterprises currently change their key only once every 90 days, he notes. Every key, of course, requires a fresh cracking effort, as any success with one key isn't applicable to the next.

When it comes to encryption, the rule of thumb is that "you want your messages to provide 20 years or more of security, so you want any encryption that you use to remain strong 20 years from now," says IDC's Kolodgy.

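For the time being, "code-breaking today is an end-run game -- it's all about snatching the user's machine," says Kolodgy. "These days, if you pull something out of the air, you can't decrypt it."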

But the biggest challenge with encryption is making sure that it's actually used.

"All business-critical data should be encrypted at rest, especially credit card data," says Richard Stiennon at IT-Harvest, an IT security research firm in Birmingham, Mich. "The Payment Card Industry Security Standards Council requires that merchants encrypt it -- or, better yet, not store it at all. And data-breach notification laws don't require you to disclose your lost data if it was encrypted."

And, of course, leaving your encryption keys lying around on slips of paper also turns out to be a bad idea.

Quantum Key Distribution Technology Could Be the Fix

If quantum technology jeopardizes the methods used to disseminate encryption keys, it also offers technology -- called quantum key distribution, or QKD -- by which such keys can be simultaneously generated and transmitted securely.

QKD has actually been on the market since 2004, with the fiber-based Cerberis system from ID Quantique in Geneva. Grégoire Ribordy, the firm's founder and CEO, explains that the system is based on the fact that the act of measuring quantum properties actually changes them.

At one end of an optical fiber, an emitter sends individual photons to the other end. Normally, the photons will arrive with the expected values and will be used to generate a new encryption key.

But if there is an eavesdropper on the line, the receiver will see an error rate in the photon values and no key will be generated. In the absence of that error rate, the security of the channel is assured, Ribordy says.

However, since security can only be assured after the fact -- when the error rate is measured, which happens immediately -- the channel should be used to send only the keys, not actual messages, he notes.
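The eavesdropper check described above, as an added example that is not from the article or from ID Quantique: a toy simulation of BB84, a standard QKD protocol assumed here because the article does not name the one Cerberis uses. The function name, photon count and 11% abort threshold are illustrative, and the line is modelled as noise-free.

```python
import random

def bb84_round(n_photons, eavesdropper, seed=0, qber_limit=0.11):
    """Simulate one exchange; return (error_rate, key or None).

    qber_limit is an illustrative abort threshold, not a vendor setting.
    """
    rng = random.Random(seed)
    alice, bob = [], []
    for _ in range(n_photons):
        bit, basis_a = rng.getrandbits(1), rng.getrandbits(1)
        value, basis = bit, basis_a            # photon state in flight
        if eavesdropper:
            basis_e = rng.getrandbits(1)
            if basis_e != basis:               # wrong basis: result is random,
                value = rng.getrandbits(1)     # and the original state is lost
            basis = basis_e                    # photon is re-sent in Eve's basis
        basis_b = rng.getrandbits(1)
        measured = value if basis_b == basis else rng.getrandbits(1)
        if basis_b == basis_a:                 # sifting: keep matching bases
            alice.append(bit)
            bob.append(measured)
    # Sacrifice half of the sifted bits: compare them in public to estimate
    # the error rate. This check only happens after the photons were sent.
    half = len(alice) // 2
    errors = sum(a != b for a, b in zip(alice[:half], bob[:half]))
    error_rate = errors / half
    if error_rate > qber_limit:
        return error_rate, None                # abort: no key is generated
    return error_rate, bob[half:]              # matches Alice on a clean line

if __name__ == "__main__":
    for eve in (False, True):
        rate, key = bb84_round(20000, eve, seed=1)
        status = "no key generated" if key is None else f"{len(key)}-bit key"
        print(f"eavesdropper={eve}: error rate {rate:.3f}, {status}")
```

An intercepting party guesses the wrong basis half the time, which corrupts about a quarter of the sifted bits; because that is only measured after transmission, the channel carries key material rather than messages.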

The other limitation of the system is its range, which currently doesn't exceed 100 kilometers (62 miles), although the company has achieved 250 kilometers in the lab. The theoretical maximum is 400 kilometers, Ribordy says. Going beyond that would require the development of a quantum repeater -- which would presumably use the same technology as a quantum computer.

QKD security isn't cheap: An emitter-receiver pair costs about $97,000, Ribordy says.

Wood is a freelance writer in San Antonio.

This story, "The clock is ticking for encryption," was originally published by Computerworld.


Copyright © 2011
