The State of the Art in Key Cracking
As we move into a new year, let us not forget the trials and tribulations of 2013, appointedly outlined by one of the major players in the telecommunications industry:
Originally by Luther Martin, Chief Security Architect.
Verizon’s 2013 Data Breach Investigation Report contains an interesting summary of today’s hacking: “Stolen credentials and backdoors are heavily used in targeted espionage campaigns, while brute force is the tool of choice for financially motivated groups.” So if you’re protecting valuable information with encryption, hackers may actually try brute-force attacks to crack it.
But will hackers really try to crack encryption keys?
If you’re using weak encryption, cracking a key may actually be fairly cost-effective with today’s technology. A quick look at a commercially-available product that’s designed with this in mind shows that it’s probably possible to crack DES (the Data Encryption Standard defined by the now-obsolete FIPS 46-3) keys at a cost of about $70 per key. But this also turns out to not be very relevant for most business users of encryption.
A state-of-the-art RIVYERA S6-LX150 HD from massively-parallel computing specialist SciEngines, for example, costs roughly $140,000 and can search an astounding 1.38 trillion DES keys per second. At that rate, it can crack a DES key in an average of about 7 hours and 14 minutes. And because with DES key cracking it’s easy to take full advantage of additional hardware, if you have more money to spend, you can use a cluster of nine of these to crack a DES key in about 48 minutes.
To make those numbers more meaningful we need to make some assumptions about the other costs involved in owning and operating such a machine. Just like in the business world, hackers need to worry about the total cost of ownership (TCO) of their IT assets, and a reasonable rule of thumb is that the purchase price of a computer ends up being about one-third of its TCO. And let’s assume that the rapid advances in computing technology give a special key-cracking computer a useful life of three years.
Under these assumptions, a hacker can recover an average of about 1,212 DES keys per year at a cost of about $70 per key. The investment required to do this is about $420,000 over five years. This is probably well within the range of projects that organized crime could easily fund. It’s also a realistic investment for larger companies as well as national governments.
But to make such an investment worthwhile, hackers will need to get at an average of at least $70 in value from each DES key that they crack. And if we enforce the same sort of return on investment requirements on hackers that the rest of us have to live with, a better estimate is probably closer to $90. So if hackers can make at least $90 per DES key that they can crack we should expect them to do it and if they can make less than that they’ll find a better use for their money instead of spending it on special-purpose key-cracking computers.
But DES is so weak that the standard that defined it was actually withdrawn in 2005. The keys that are generally accepted as being suitable for use today provide at least 112 bits of cryptographic strength.That’s the level of protection that three-key Triple-DES provides, for example. One of those keys is over 10 quadrillion times harder to crack than a DES key. So while cracking a DES key is actually quite feasible with today’s technology, cracking a key that provides 112 bits of cryptographic strength isn’t close to being feasible today and won’t be feasible for the foreseeable future.
And just like DES is now considered too weak to use, 1,024-bit keys (160-bit for elliptic curves) for public-key algorithms are also now considered too weak. According to NIST’s guidance,a 1,024-bit public key provides the equivalent of 80 bits of strength. It’s a big and very questionable assumption, but if we assume that we can scale the cost and performance numbers for the RIVYERA S6 to get reasonable estimates for cracking such a key, we end up with an estimate that it would cost roughly $1.2 billion to crack a single 1,024-bit public key.
So even though such keys aren’t considered strong enough to use these days, they’re probably still fairly secure, or at least secure enough to thwart any attacker equipped with state-of-the-art technology. So it’s very unlikely that even the richest national governments would be willing to spend $1.2 billion to crack a single public key using off-the-shelf technology. There’s always a cheaper and easier alternative, particularly for governments.