2

I was reading recently that for AES, the encryption strength is actually the key size/length, so 128-, 192- or 256-bit. While, for SHA-2, the encryption strength is measured against the message digest hash. Is there some sort of an easy breakdown that lists for each algorithm and type, how the strength is measured or determined? It gets even more confusing when I read something like this on Wikipedia:

For example, Triple DES has a key size of 168 bits but provides at most 112 bits of security...

  • 1
    This question doesn't address DES, but it also discusses the distinction between key size and strength: [Asymmetric vs Symmetric Encryption](http://security.stackexchange.com/q/7219) – Gilles 'SO- stop being evil' May 15 '12 at 21:52
  • @Gilles Your answer there is actually more in line with the answer I was expecting, so maybe I didn't ask this question correctly. Thank you for adding that to the discussion. –  May 16 '12 at 17:41

2 Answers2

4

The general point of cryptography and enciphering of information is to increase the difficulty for anyone other than the intended recipient to retrieve any part of the information (or data) in transit or in storage. Increased difficulty makes it less likely that an adversary will be able to make sense of any part of the enciphered data.

What many people take for granted is how time influences the value of data. Data (information, secret recipe, etc) generally loses value over time. For example, corporate merger communication is generally seen as more valuable today than after the fact. With that said, there are data that does not lose significant value over time. In such cases, the relative strength of the cipher becomes another variable for consideration.

The strength of a symmetric cipher can be tied to several things. Key size is one that most people understand. For example, DES uses 56 bit keys, AES has several flavors (128, 192, 256). However, key size is one component of the strength of a cipher. The implementation of the cipher is also an important consideration. Additionally, implementation details also factor in. Block ciphers and stream ciphers are both modes of operation for a symmetric cipher and there are weaknesses that affect different modes of operation. Additionally, adversaries can attack the implementation of a cipher and reduce its effectiveness. TDES providing 112 bits of security is one such example. AES 192 is another example due to the implementation of key expansion function.

A good illustration of a cipher where key size doesn't correlate to strength can be seen with asymmetric ciphers. Most asymmetric ciphers are based on the RSA algorithm with common key sizes of 1024 and 2048 bits. ECC is a newer cipher with much smaller key sizes than used with RSA.

So there's no one measure of the strength of a cipher and the passing of time usually renders ciphers less useful. As time passes, there will likely be additional attacks against current ciphers that render them less useful. However, even if no such attacks are successful, as technology improves, brute forcing the cipher becomes more affordable and a new round of algorithms to protect data will be developed.

Hashing is a completely different function than encryption. With encryption, you want to be able to scramble the data but still have the ability to unscramble it at a later point. Hash produces a fingerprint of the data and is used to demonstrate message integrity (i.e. contents have not been changed). A hash of a data (SHAy, MDx) usually accompany the data itself. An email message might come with a hash such that the recipient can validate the message has not been altered. The message can be visible to anyone in-transit or in storage. There are other uses for has values alone (DLP, AV, FIM), but adversaries are more interested in how to modify the source data to produce the same hash value - to bypass message integrity.

Though larger output bit sizes may increase the difficulty of a collision, it may become possible. For example, if the email authorizes a contract at $100K but you're able to change the 'K' to an 'M' and still retain the same hash output, you've defeated the value of the hash (someone was able to tamper with the message and you weren't able to determine that someone did tamper with it). As with encryption, an adversary can attack the hashing algorithm, or the passing of time and increases in technological sophistication may make collisions more common. At which point, there will be a new round of algorithms.

bangdang
  • 1,824
  • 11
  • 9
3

To begin: the point in the sentence you mention is exactly what you took off:

since an attack of complexity 2^112 is known.

Wikipedia means that a brute-force attack could be done just making all combinations of 2^112 bits, so you wouldn't have to test the whole key (2^168 bits) to break it.

And to continue:

Encryption is one thing, hash is another.

When dealing with encryption, your problem is that someone can find the key and get your secret. That's what mentioned in the Triple DES page, etc.: one can find the key without trying all the 2^168 combinations.

When dealing with hash, your concern is a different one: you don't want that someone have the same hash using a different input. Read about preimage attack and collision attack to get a better idea.

And, to end: the main difference about "bits x strength" is when your comparing public-key with symetric encryption. Symetric needs much less bits to achieve the same protection, but of course their use is different.

techraf
  • 9,141
  • 11
  • 44
  • 62
woliveirajr
  • 4,462
  • 2
  • 17
  • 26