
October 31, 2007

Keys, Keys, Keys...Who Can Break Yours?

When Julius Caesar sent messages to his generals, he feared they might fall into the wrong hands.  To avoid having his war plans compromised, he coded his messages using a simple system that shifted each letter three positions to the right.  For instance, he replaced every M with P, every B with E, etc. 

Today, codes have become much more sophisticated, but the objectives are the same as in Caesar's time.  You want to send a message to someone that only that person can read.  Or, shifting back to our own time, you want to make messages (or other files) on your PC unreadable to anyone except for yourself.

A mathematical process called encryption makes this possible.  Encryption scrambles your messages or files using mathematical formulas that make the text unreadable to anyone except for someone possessing the key to "decrypt" it. 

Encryption programs are now available whose output even the supercomputers used by national intelligence agencies cannot decipher, at least not without an exhaustive effort.  They're easy to use, and cheap--sometimes even free.  I recommend them highly.

In keys, longer is better.  While the way a key is generated influences its strength, in general, the more "bits" a key has, the stronger it is. 

For instance, I use an encryption program called "Pretty Good Privacy" (PGP).  One of the types of keys PGP uses is called an "RSA key."  A 4096-bit RSA key is stronger than a 1024-bit RSA key.

And not just a little stronger.  Key strength increases exponentially with key length. 
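To make the two ideas above concrete, here is an added example (not code from the original article or from PGP) that implements Caesar's three-place shift from the opening paragraph and then measures its key space in bits. The word list used to recognise a plausible plaintext is a constructed toy; the point is that a cipher with 25 possible keys is searched instantly, whereas a key space of 2 to the power 128 is not.

```python
import math

def caesar(text: str, shift: int) -> str:
    """Shift every letter `shift` places to the right in the alphabet (Caesar used 3).
    Non-letters pass through unchanged and case is preserved."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def caesar_decrypt(text: str, shift: int) -> str:
    """Decrypting is just shifting back; the whole 'key' is the single number `shift`."""
    return caesar(text, -shift)

# Constructed toy vocabulary used to recognise a plausible plaintext; a real
# search would use a dictionary or letter-frequency statistics instead.
KNOWN_WORDS = {"ATTACK", "AT", "DAWN", "MEET", "THE", "RIVER"}

def looks_like_english(text: str) -> bool:
    words = text.upper().split()
    return bool(words) and all(w in KNOWN_WORDS for w in words)

def exhaustive_search(ciphertext: str):
    """Try all 25 non-trivial shifts and return the (shift, plaintext) pairs that read as English.
    This is the whole key space, which is why the Caesar cipher offers no real protection."""
    return [(k, caesar_decrypt(ciphertext, k)) for k in range(1, 26)
            if looks_like_english(caesar_decrypt(ciphertext, k))]

def key_bits(num_keys: int) -> float:
    """Effective key length in bits: the number of bits needed to number every possible key."""
    return math.log2(num_keys)

if __name__ == "__main__":
    ct = caesar("ATTACK AT DAWN", 3)
    print(ct)                                  # DWWDFN DW GDZQ
    print(exhaustive_search(ct))               # [(3, 'ATTACK AT DAWN')]
    print(f"Caesar: {key_bits(25):.1f} bits of key; "
          f"a 128-bit symmetric key: {key_bits(2**128):.0f} bits")
```

Each extra bit of key doubles the number of keys an exhaustive search must try, which is the sense in which strength grows exponentially with length; Caesar's 25 keys amount to under five bits.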

Unfortunately, the early versions of PGP support a maximum key length of 1024 bits.  Recent research indicates that in the near future, 1024-bit RSA keys will get "cracked" by increasingly powerful computers.  However, 4096-bit RSA keys remain very safe—for now.

If you're using 1024-bit keys to secure your e-mail or computer files, you should upgrade to a longer key.  The newest version of PGP, PGP Desktop, supports the stronger 4096-bit keys.  So does the free version of PGP you can download at http://www.pgpi.com. 
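Before upgrading, it helps to know which keys in your keyring are actually short. The following is an added example, not part of the article or of PGP Desktop: it reads the machine-readable listing produced by the free GnuPG implementation (`gpg --list-keys --with-colons`, where field 3 is the key length and field 4 the RFC 4880 algorithm number) and reports RSA, Elgamal and DSA keys below a threshold. The sample listing, its key IDs and timestamps are constructed, and the 2048-bit default threshold is an assumed policy rather than a figure from the article.

```python
import subprocess
from dataclasses import dataclass
from typing import List, Optional

# Public-key algorithm numbers from RFC 4880 as they appear in field 4 of gpg's colon output.
ALGO_NAMES = {1: "RSA", 2: "RSA", 3: "RSA", 16: "Elgamal", 17: "DSA",
              18: "ECDH", 19: "ECDSA", 22: "EdDSA"}

# Assumed policy threshold: flag finite-field keys (RSA/Elgamal/DSA) shorter than this.
# Elliptic-curve keys are judged by their curve, not their bit count, so they are not compared.
DEFAULT_MIN_BITS = 2048

@dataclass
class KeyRecord:
    kind: str    # "pub" (primary key) or "sub" (subkey)
    bits: int    # field 3: key length in bits
    algo: str    # field 4, translated to a name
    keyid: str   # field 5: long key ID

def parse_colon_listing(listing: str) -> List[KeyRecord]:
    """Pull pub/sub records out of colon-format output; tru/uid/fpr records are skipped."""
    records = []
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 5 or fields[0] not in ("pub", "sub"):
            continue
        algo_id = int(fields[3])
        records.append(KeyRecord(fields[0], int(fields[2]),
                                 ALGO_NAMES.get(algo_id, f"algo{algo_id}"), fields[4]))
    return records

def weak_keys(records: List[KeyRecord], min_bits: int = DEFAULT_MIN_BITS) -> List[KeyRecord]:
    """Return the keys whose strength depends on bit length and which fall below the threshold."""
    return [r for r in records
            if r.algo in ("RSA", "Elgamal", "DSA") and r.bits < min_bits]

# Constructed sample listing: an old 1024-bit RSA/Elgamal pair, a 4096-bit RSA pair,
# and a modern Ed25519 key. Key IDs, fingerprints and timestamps are made up.
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:1024:1:0123456789ABCDEF:1100000000:::u:::scESC::::::23::0:
uid:u::::1100000000::0000000000000000000000000000000000000000::Old Key (constructed) <old@example.invalid>::::::::::0:
sub:u:1024:16:FEDCBA9876543210:1100000000::::::e::::::23:
pub:u:4096:1:1111222233334444:1600000000:::u:::scESC::::::23::0:
uid:u::::1600000000::1111111111111111111111111111111111111111::New Key (constructed) <new@example.invalid>::::::::::0:
sub:u:4096:1:5555666677778888:1600000000::::::e::::::23:
pub:u:255:22:AAAABBBBCCCCDDDD:1700000000:::u:::scESC::::::23::0:
"""

def audit_keyring(listing: Optional[str] = None,
                  min_bits: int = DEFAULT_MIN_BITS) -> List[KeyRecord]:
    """Audit a listing; when none is given, ask the local gpg for one (needs GnuPG on PATH)."""
    if listing is None:
        listing = subprocess.run(["gpg", "--list-keys", "--with-colons"],
                                 capture_output=True, text=True, check=True).stdout
    return weak_keys(parse_colon_listing(listing), min_bits)

if __name__ == "__main__":
    for key in audit_keyring(SAMPLE_LISTING):
        print(f"{key.kind} {key.keyid}: {key.bits}-bit {key.algo} "
              f"is below {DEFAULT_MIN_BITS} bits; generate a longer key and retire this one")
```

Run `audit_keyring()` with no argument on a machine with GnuPG installed to check your own keyring; on the constructed sample it flags only the 1024-bit primary key and its Elgamal subkey, leaving the 4096-bit and Ed25519 keys alone.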

But act soon.  When asked whether 1024-bit RSA keys are dead, one cryptographic researcher involved in the race to crack them said, "The answer to that question is an unqualified yes."

Act accordingly.

Copyright © 2007 by Mark Nestmann
