Content deleted Content added
add requested citation |
→Cryptographically strong algorithms: Fixed typo Tags: Mobile edit Mobile web edit |
||
| (5 intermediate revisions by 2 users not shown) | |||
Line 3:
{{OriginalResearch|date=November 2021}}
'''Strong cryptography''' or '''cryptographically strong''' are general terms used to designate the [[cryptographic algorithm]]s that, when used correctly, provide a very high (usually
{{cite news |last=Levy|first=Steven |title=Battle of the Clipper Chip |newspaper=[[New York Times Magazine]] |date=12 July 1994 |pages=44–51 }}</ref> so in practice there are only two levels of cryptographic security, "cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files" ([[Bruce Schneier]]).{{sfn|Vagle|2015|p=113}}
The strong cryptography algorithms have high [[security strength]], for practical purposes usually defined as a number of bits in the [[Key (cryptography)|key]]. For example, the United States government, when dealing with [[Export of cryptography from the United States|export control of encryption]], considered {{asof|1999|lc=y}} any implementation of the [[symmetric encryption]] algorithm with the [[key length]] above 56 bits or its [[public key]] equivalent<ref>{{cite web |title=Encryption and Export Administration Regulations (EAR) |url=https://www.bis.doc.gov/index.php/policy-guidance/encryption |website=bis.doc.gov |publisher=[[Bureau of Industry and Security]] |access-date=24 June 2023}}</ref> to be strong and thus potentially a subject to the [[Export control|export licensing]].{{sfn|Reinhold|1999|p=3}} To be strong, an algorithm needs to have a sufficiently long key and be free of known mathematical weaknesses, as exploitation of these effectively reduces the key size. At the beginning of the 21st century, the typical security strength of the strong symmetrical encryption algorithms is 128 bits (slightly lower values still can be strong, but usually there is little technical gain in using smaller key sizes).{{sfn|Reinhold|1999|p=3}}{{update after|2015}}
Demonstrating the resistance of any cryptographic scheme to attack is a complex matter, requiring extensive testing and reviews, preferably in a public forum. Good [[algorithm]]s and protocols are required (similarly,
==Background==
Line 21:
An encryption algorithm is intended to be unbreakable (in which case it is as strong as it can ever be), but might be breakable (in which case it is as weak as it can ever be) so there is not, in principle, a continuum of strength as the [[idiom]] would seem to imply: Algorithm A is stronger than Algorithm B which is stronger than Algorithm C, and so on. The situation is made more complex, and less subsumable into a single strength metric, by the fact that there are many types of [[Cryptanalysis|cryptanalytic]] attack and that any given algorithm is likely to force the attacker to do more work to break it when using one attack than another.
There is only one known unbreakable cryptographic system, the [[one-time pad]], which is not generally possible to use because of the difficulties involved in exchanging one-time pads without
The usual sense in which this term is (loosely) used, is in reference to a particular attack, [[Brute force attack|brute force]] key search — especially in explanations for newcomers to the field. Indeed, with this attack (always assuming keys to have been randomly chosen), there is a continuum of resistance depending on the length of the key used. But even so there are two major problems: many algorithms allow use of different length keys at different times, and any algorithm can forgo use of the full key length possible. Thus, [[Blowfish (cipher)|Blowfish]] and [[RC5]] are [[block cipher]] algorithms whose design specifically allowed for several [[Key size|key lengths]], and who cannot therefore be said to have any particular strength with respect to brute force key search. Furthermore, US export regulations restrict key length for exportable cryptographic products and in several cases in the 1980s and 1990s (e.g., famously in the case of [[Lotus Notes]]' export approval) only partial keys were used, decreasing 'strength' against brute force attack for those (export) versions. More or less the same thing happened outside the [[United States|US]] as well, as for example in the case of more than one of the cryptographic algorithms in the [[Global System for Mobile Communications|GSM]] cellular telephone standard.
Line 79:
* Almost all [[classical cipher]]s.
* Most rotary ciphers, such as the [[Enigma machine]].
* DHE/EDHE is guessable/weak when using/re-using known default prime values on the server
==Notes==
Line 98 ⟶ 94:
* {{cite journal | last1=Riebe | first1=Thea | last2=Kühn | first2=Philipp | last3=Imperatori | first3=Philipp | last4=Reuter | first4=Christian | title=U.S. Security Policy: The Dual-Use Regulation of Cryptography and its Effects on Surveillance | journal=European Journal for Security Research | publisher=Springer Science and Business Media LLC | volume=7 | issue=1 | date=2022-02-26 | issn=2365-0931 | doi=10.1007/s41125-022-00080-0 | pages=39–65 | url = https://link.springer.com/content/pdf/10.1007/s41125-022-00080-0.pdf?pdf=button}}
* {{cite journal | last=Feigenbaum | first=Joan | title=Encryption and surveillance | journal=Communications of the ACM | publisher=Association for Computing Machinery (ACM) | volume=62 | issue=5 | date=2019-04-24 | issn=0001-0782 | doi=10.1145/3319079 | pages=27–29 | doi-access=free }}
* {{cite web |last1=Schneier |first1=Bruce |title=Security pitfalls in cryptography |url=http://www.madchat.fr/crypto/papers/pitfalls.pdf |access-date=27 March 2024 |date=1998}}
==See also==
| |||