Revision as of 04:59, 7 January 2024 edit Citation bot (talk \| contribs) Bots 5,872,690 edits Alter: issue. Add: isbn, authors 1-1. Removed proxy/dead URL that duplicated identifier. Removed parameters. Formatted dashes. Some additions/deletions were parameter name changes. \| Use this bot. Report bugs. \| Suggested by Abductive \| Category:Articles needing additional references from December 2007 \| #UCB_Category 551/889 ← Previous edit		Revision as of 18:41, 17 March 2024 edit undo N2e (talk \| contribs) Extended confirmed users, Pending changes reviewers 56,736 edits →top: clarify time context, per sources; needs updated Next edit →
Line 5: '''Strong cryptography''' or '''cryptographically strong''' are general terms used to designate the [[cryptographic algorithm]]s that, when used correctly, provide a very high (usually unsurmountable) level of protection against any [[eavesdropper]], including the government agencies.{{sfn\|Vagle\|2015\|p=121}} There is no precise definition of the boundary line between the strong cryptography and ([[broken cipher\|breakable]]) '''weak cryptography''', as this border constantly shifts due to improvements in hardware and [[cryptanalysis]] techniques.{{sfn\|Vagle\|2015\|p=113}} These improvements eventually place the capabilities once available only to the [[NSA]] within the reach of a skilled individual,{{cn\|date=June 2023}} so in practice there are only two levels of cryptographic security, "cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files" ([[Bruce Schneier]]).{{sfn\|Vagle\|2015\|p=113}} The strong cryptography algorithms have high [[security strength]], for practical purposes usually defined as a number of bits in the [[Key (cryptography)\|key]]. For example, the United States government, when dealing with [[Export of cryptography from the United States\|export control of encryption]], ~~considers~~considered {{asof\|1999\|lc=y}} any implementation of the [[symmetric encryption]] algorithm with the [[key length]] above 56 bits or its [[public key]] equivalent<ref>{{cite web \|title=Encryption and Export Administration Regulations (EAR) \|url=https://www.bis.doc.gov/index.php/policy-guidance/encryption \|website=bis.doc.gov \|publisher=[[Bureau of Industry and Security]] \|access-date=24 June 2023}}</ref> to be strong and thus potentially a subject to the [[Export control\|export licensing]].{{sfn\|Reinhold\|1999\|p=3}} To be strong, an algorithm needs to have a sufficiently long key and be free of known mathematical weaknesses, as exploitation of these effectively reduces the key size. At the beginning of the 21st century, the typical security strength of the strong symmetrical encryption algorithms is 128 bits (slightly lower values still can be strong, but usually there is little technical gain in using smaller key sizes).{{sfn\|Reinhold\|1999\|p=3}}{{update after\|2015}} Demonstrating the resistance of any cryptographic scheme to attack is a complex matter, requiring extensive testing and reviews, preferably in a public forum. Good [[algorithm]]s and protocols are required, and good system design and implementation is needed as well. For instance, the operating system on which the cryptographic software runs should be as carefully secured as possible. Users may handle passwords insecurely, or trust 'service' personnel overly much, or simply misuse the [[software]]. (See [[social engineering (security)\|social engineering]].)

Strong cryptography: Difference between revisions