Revision as of 07:47, 27 March 2024 edit Dimawik (talk \| contribs) Extended confirmed users 2,450 edits →Sources: added source ← Previous edit		Revision as of 07:48, 27 March 2024 edit undo Dimawik (talk \| contribs) Extended confirmed users 2,450 edits →top: fixed style Next edit →
Line 8: The strong cryptography algorithms have high [[security strength]], for practical purposes usually defined as a number of bits in the [[Key (cryptography)\|key]]. For example, the United States government, when dealing with [[Export of cryptography from the United States\|export control of encryption]], considered {{asof\|1999\|lc=y}} any implementation of the [[symmetric encryption]] algorithm with the [[key length]] above 56 bits or its [[public key]] equivalent<ref>{{cite web \|title=Encryption and Export Administration Regulations (EAR) \|url=https://www.bis.doc.gov/index.php/policy-guidance/encryption \|website=bis.doc.gov \|publisher=[[Bureau of Industry and Security]] \|access-date=24 June 2023}}</ref> to be strong and thus potentially a subject to the [[Export control\|export licensing]].{{sfn\|Reinhold\|1999\|p=3}} To be strong, an algorithm needs to have a sufficiently long key and be free of known mathematical weaknesses, as exploitation of these effectively reduces the key size. At the beginning of the 21st century, the typical security strength of the strong symmetrical encryption algorithms is 128 bits (slightly lower values still can be strong, but usually there is little technical gain in using smaller key sizes).{{sfn\|Reinhold\|1999\|p=3}}{{update after\|2015}} Demonstrating the resistance of any cryptographic scheme to attack is a complex matter, requiring extensive testing and reviews, preferably in a public forum. Good [[algorithm]]s and protocols are required (similarly, good materials are required to construct a strong building), but good system design and implementation is needed as well: "it is possible to build a cryptographically weak system using strong algorithms and protocols" (just like the use of good materials in construction does not guarantee a solid structure). Many real-life systems turn out to be weak when the strong cryptography is not used properly, for example, random [[Cryptographic nonce\|nonces]] are reused{{sfn\|Schneier\|1998\|p=2}} A successful attack might not even involve algorithm at all, for example, if the key is generated from a password, guessing a weak password is easy anand does not depend on the strength of the ~~encryption~~cryptographic ~~algorithm~~primitives.{{sfn\|Schneier\|1998\|p=3}} A user can become the weakest link in the overall picture, for example, by sharing passwords and hardware tokens with the colleagues.{{sfn\|Schneier\|1998\|p=4}} ==Background==

Strong cryptography: Difference between revisions