Home » Why not use larger cipher keys?

# Why not use larger cipher keys?

## Solutons:

The reason why RSA keys are so small is that:

With every doubling of the RSA key length, decryption is 6-7 times times slower.

So this is just another of the security-convenience tradeoffs.
Here’s a graph:

Source: http://www.javamex.com/tutorials/cryptography/rsa_key_length.shtml

I dug out my copy of Applied Cryptography to answer this concerning symmetric crypto, 256 is plenty and probably will be for a long long time. Schneier explains;

Longer key lengths are better, but only up to a point. AES will have 128-bit, 192-bit, and 256-bit key lengths. This is far longer than needed for the foreseeable future. In fact, we cannot even imagine a world where 256-bit brute force searches are possible. It requires some fundamental breakthroughs in physics and our understanding of the universe.

One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38 × 10−16 erg/K, and that the ambient temperature of the universe is 3.2 Kelvin, an ideal computer running at 3.2 K would consume 4.4 × 10−16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21 × 1041 ergs. This is enough to power about 2.7 × 1056 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn’t have the energy left over to perform any useful calculations with this counter.

But that’s just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

The boldness is my own addition.

Remark: Note that this example assumes that there is a ‘perfect’ encryption algorithm. If you can exploit weaknesses in the algorithm, the key space might shrink and you’d end up with effectively less bits of your key.

It also assumes that the key generation is perfect – yielding 1 bit of entropy per bit of key. This is often difficult to achieve in a computational setting. An imperfect generation mechanism might yield 170 bits of entropy for a 256 bit key. In this case, if the key generation mechanism is known, the size of the brute-force space is reduced to 170 bits.

Assuming quantum computers are feasible, however, any RSA key will be broken using Shor’s algorithm. (See https://security.stackexchange.com/a/37638/18064)

For one AES is built for three key sizes `128, 192 or 256 bits`.

Currently, brute-forcing 128 bits is not even close to feasible. Hypothetically, if an AES Key had 129 bits, it would take twice as long to brute-force a 129 bit key than a 128 bit key. This means larger keys of 192 bits and 256 bits would take much much much longer to attack. It would take so incredibly long to brute-force one of these keys that the sun would stop burning before the key was realized.

`2^256=115792089237316195423570985008687907853269984665640564039457584007913129639936`

That’s a big freaking number. That’s how many possibly keys there are. Assuming the key is random, if you divide that by 2 then you have how many keys it will take on average to brute-force AES-256

In a sense we do have the really big cipher keys you are talking of. The whole point of a symmetric key is to make it unfeasible to brute-force. In the future, if attacking a 256bit key becomes possible then keysizes will surely increase, but that is quite a ways down the road.

The reason RSA keys are much larger than AES keys is because they are two completely different types of encryption. This means a person would not attack a RSA key the same as they would attack an AES Key.

Attacking symmetric keys is easy.

1. Start with a bitstring `000...`
2. Decrypt ciphertext with that bitstring.
3. If you can read it, you succeeded.
4. If you cannot read it then increment the bitstring

Attacking an RSA key is different…because RSA encryption/decryption works with big semi-prime numbers…the process is mathy. With RSA, you don’t have to try every possible bit string. You try far fewer than `2^1024` or `2^2048` bitstrings…but it’s still not possible to bruteforce. This is why RSA and AES keys differ in size.[1]

To sum up everything and answer your question in 1 sentence. We don’t need ridiculously big symmetric keys because we already have ridiculously big symmetric keys. 256 bit encryption sounds wimpy compared to something like a 2048 bit RSA Key, but the algorithms are different and can’t really be compared ‘bit to bit’ like that. In the future if there is a need to longer keys then there will be new algorithms developed to handle larger keys. And if we ever wanted to go bigger on current hardware, it’s simply a time tradeoff. Bigger key means longer decryption time means slower communication. This is especially important for a cipher since your internet browser will establish and then use a symmetric key to send information.

## Extract file from docker image?

You can extract files from an image with the following commands: docker create \$image # returns container ID docker cp \$container_id:\$source_path \$destination_path docker rm \$container_id According to the docker create documentation, this doesn't run the...

## Transfer files using scp: permission denied

Your commands are trying to put the new Document to the root (/) of your machine. What you want to do is to transfer them to your home directory (since you have no permissions to write to /). If path to your home is something like /home/erez try the following:...

## What’s the purpose of DH Parameters?

What exactly is the purpose of these DH Parameters? These parameters define how OpenSSL performs the Diffie-Hellman (DH) key-exchange. As you stated correctly they include a field prime p and a generator g. The purpose of the availability to customize these...

## How to rsync multiple source folders

You can pass multiple source arguments. rsync -a /etc/fstab /home/user/download bkp This creates bkp/fstab and bkp/download, like the separate commands you gave. It may be desirable to preserve the source structure instead. To do this, use / as the source and...

## Benefits of Structured Logging vs basic logging

There are two fundamental advances with the structured approach that can't be emulated using text logs without (sometimes extreme levels of) additional effort. Event Types When you write two events with log4net like: log.Debug("Disk quota {0} exceeded by user...

## Interfaces vs Types in TypeScript

2019 Update The current answers and the official documentation are outdated. And for those new to TypeScript, the terminology used isn't clear without examples. Below is a list of up-to-date differences. 1. Objects / Functions Both can be used to describe the...

## Get total as you type with added column (append) using jQuery

One issue if that the newly-added column id's are missing the id number. If you look at the id, it only shows "price-", when it should probably be "price-2-1", since the original ones are "price-1", and the original ones should probably be something like...

## Determining if a file is a hard link or symbolic link?

Jim's answer explains how to test for a symlink: by using test's -L test. But testing for a "hard link" is, well, strictly speaking not what you want. Hard links work because of how Unix handles files: each file is represented by a single inode. Then a single...

## How to restrict a Google search to results of a specific language?

You can do that using the advanced search options: http://www.googleguide.com/sharpening_queries.html I also found this, which might work for you: http://www.searchenginejournal.com/how-to-see-google-search-results-for-other-locations/25203/ Just wanted to add...

## Random map generation

Among the many other related questions on the site, there's an often linked article for map generation: Polygonal Map Generation for Games you can glean some good strategies from that article, but it can't really be used as is. While not a tutorial, there's an...

## Difference in sites-available vs sites-enabled vs conf.d directories (Nginx)?

The sites-* folders are managed by nginx_ensite and nginx_dissite. For Apache httpd users who find this with a search, the equivalents is a2ensite/a2dissite. The sites-available folder is for storing all of your vhost configurations, whether or not they're...

## How to prettyprint a JSON file?

The json module already implements some basic pretty printing in the dump and dumps functions, with the indent parameter that specifies how many spaces to indent by: >>> import json >>> >>> your_json = '["foo", {"bar":["baz", null,...

## How can I avoid the battery charging when connected via USB?

I have an Android 4.0.3 phone without root access so can't test any of this but let me point you to /sys/class/power_supply/battery/ which gives some info/control over charging issues. In particular there is charging_enabled which gives the current state (0 not...

## How to transform given dataset in python? [closed]

From your expected result, it appears that each "group" is based on contiguous id values. For this, you can use the compare-cumsum-groupby pattern, and then use agg to get the min and max values. # Sample data. df = pd.DataFrame( {'id': [1, 2, 2, 2, 2, 2, 1, 1,...

## Output of the following C++ Program [closed]

It works exactly like this non-recursive translation: int func_0() { return 2; } int func_1() { return 3; } int func_2() { return func_1() + func_0(); } // Returns 3 + 2 = 5 int func_3() { return func_2() + func_1(); } // Returns 5 + 3 = 8 int func_4() { return...

## Making a circle out of . (periods) [closed]

Here's the maths and even an example program in C: http://pixwiki.bafsoft.com/mags/5/articles/circle/sincos.htm (link no longer exists). And position: absolute, left and top will let you draw: http://www.w3.org/TR/CSS2/visuren.html#choose-position Any further...

## Should I use a code converter (Python to C++)?

Generally it's an awful way to write code, and does not guarantee that it will be any faster. Things which are simple and fast in one language can be complex and slow in another. You're better off either learning how to write fast Python code or learning C++...

## tkinter: cannot concatenate ‘str’ and ‘float’ objects

This one line is more than enough to cause the problem: text="რეგულარი >> "+2.23+ 'GEL' 2.23 is a floating-point value; 'GEL' is a string. What does it mean to add an arithmetic value and a string of letters? If you want the string label 'რეგულარი...

## Java regex for removing all single letters except “a” and “i” from string [closed]

Code See regex in use here (?:^| )[b-hj-z](?= |\$) Usage See code in use here import java.util.regex.Matcher; import java.util.regex.Pattern; class Ideone { public static void main (String[] args) throws java.lang.Exception { final String regex = "(?:^|...

## How to make a file (e.g. a .sh script) executable, so it can be run from a terminal

You can mark the file as executable: chmod +x filename.sh You can then execute it like this: ./filename.sh If you want to use a different command to start it, you can add an alias: gedit ~/.bashrc Add this at the end of the file: alias <new...