[Interest] TLS/SSL XML encryption security

Thiago Macieira thiago.macieira at intel.com
Mon Oct 7 18:14:09 CEST 2019 

On segunda-feira, 7 de outubro de 2019 05:31:17 PDT Roland Hughes wrote:
> Screaming about the size of the forest one will hide there tree in
> doesn't change the security by obscurity aspect of it. Thumping the desk
> and claiming a forest which is 2^128 * 2^key-bit-width doesn't mean you
> aren't relying on obscurity, especially when they know what tree they
> are looking for.

It's not the usual definition of "security by obscurity". That's usually 
applied to something that is not secure at all, just unknown. Encryption 
algorithms hide nothing in their implementation.

They do hide the key, true. The important thing is that it takes more time to 
brute-force the key than an attacker could reasonably dedicate.

> Let us not forget we are at the end of the x86 era when it comes to what
> evil-doers will use to generate a fingerprint database, or brute force
> crack.
> 
> https://www.technologyreview.com/s/613596/how-a-quantum-computer-could-break
> -2048-bit-rsa-encryption-in-8-hours/
> 
> [Now Gidney and Ekerå have shown how a quantum computer could do the
> calculation with just 20 million qubits. Indeed, they show that such a
> device would take just eight hours to complete the calculation.  “[As a
> result], the worst case estimate of how many qubits will be needed to
> factor 2048 bit RSA integers has dropped nearly two orders of
> magnitude,” they say.]

Oh, only 20 million qubits? That's good to know, because current quantum 
computers have something like 100 or 200.

Not 100 million qubits, 100 qubits.

Yes, I know that Shor's Theorem says it could solve the prime multiplication 
that is in the core of RSA and many other public key encryption mechanisms in 
O(1) time. But no one has ever proven the Theorem and put it into practice, 
yet.

And there are all the quantum-resistant algorithms, some of which are already 
deployed (like AES), some of which are in development.

> While there are those here claiming 128-bit and 256-bit are
> "uncrackable" people with money long since moved to 2048-bit because 128
> and 256 are the new 64-bit encryption levels. They know that an entity
> wanting to decrypt their sniffed packets doesn't need the complete
> database, just a few fingerprints which work relatively reliably. They
> won't get everything, but they might get the critical stuff.

You're confusing algorithms. RSA asymmetric encryption today requires more 
than 1024 bits, 2048 recommended, 4096 even better. AES is symmetric 
encryption and requires nowhere near that much, 128 is sufficient, 256 is very 
good. Elliptic curves are also asymmetric and require much less than 1024 
bits.

> Haven't you noticed a pattern over the decades?
> 
> X-bit encryption would take a "super computer" (never actually
> identifying which one) N-years running flat out to crack.
> 
> A few years later
> 
> Y-bit encryption would take a "super computer" (never actually
> identifying which one) N-years running flat out to crack (without any
> mention of why they were/are wrong about X-bit).
> 
> Oh! You wanted "Why?" Sorry.

Again, you're deliberately misleading people here. The supercomputers *are* 
identified. And the fact that technology progresses is no surprise. It's 
*expected* and accounted for. That's why the number of bits in most ciphers is 
increasing, that's why older ciphers are completely dropped, that's why we're 
getting new ones and new versions of TLS.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products

More information about the Interest mailing list