Paradigm Shift? Digital Currency 15 - Better to Burn Out?
As outlined previously... 20 years ago, if someone had been astute, the LDS Electronic Commerce Services could have been "THE CA" or Certificate Authority for the registration of public keys.
To provision this service would require the three elements outlined in our last episode: Public Key Cryptography, a PKI (Public Key Infrastructure) and a CA (Certificate Authority).
Some may ask, could you trust the technology circa 1995? Would there have been adequate security in the encryption available at the time?
To answer: One of the three requirements that all cryptographic systems must satisfy to be acceptable for general use in a automated information application or system:
3. the security of the cryptographic system must depend only on the secrecy of the keys and not the secrecy of the encryption or decryption transformations.
LDS certainly had the infrastructure and technology to keep the keys secret. But would 1024 bit encryption be adequate?
IMO, absolutely and 2048 bit is overkill, why? Twenty years ago 1024 bit keys were the new standard.
As of 2003, RSA Security claimed that 1024-bit RSA keys were equivalent in strength to 80-bit symmetric keys.
As of 2014, 2048 bit keys are the standard and all previous keys have been phased out.
It’s true that the use of 2048 bit certificates requires more processing power on both client and server.
As an alternative, many companies offer different encryption schemes with key sizes at a fraction of the number of bits RSA and DSA require.
These alternative methods offer stronger security with less server overhead and will help to reduce CPU cycles required for server cryptographic operations.
In 2007, Arjen Lenstra, a cryptology professor at the Ecole Polytechnique de Lausanne (EPFL) in Switzerland, led a distributed computation project...
involving hundreds of computers designed for the task, conducted over 11 months, and achieved the equivalent in difficulty of cracking a 700-bit RSA encryption key.
So as of 2007, 1024 bit transactions were still not at risk, yet. The experts at Information Security Stack Exchange estimate:
The current RSA factorization record is for a 768-bit integer (232 decimal digits), announced in December 2009.
It took four years and involved the smartest number theorists currently living on Earth, including Lenstra and Montgomery.
Its factorization, by a state-of-the-art distributed implementation, took around fifteen hundred CPU years which is two years of real time, on many hundreds of computers.
In fact, a typical user will not break a 1024-bit RSA key, not now and not in ten years either. There are about a dozen people on Earth who can, with any credibility, claim that it is conceivable, with a low but non-zero probability...
that they might be able to factor a single 1024-bit integer at some unspecified time before year 2020.
Putting this all into perspective: If you subscribe to the Big Bang Theory, the estimated age of the universe is a little over 13.75 billion years.
Digicert estimates, that standard desktop computing power would take 4,294,967,296 x 1.5 million years...
to break a DigiCert 2048-bit SSL certificate. Or, in other words, a little over 6.4 quadrillion years.
Therefore if you tried to break a DigiCert 2048-bit SSL certificate using a standard modern desktop computer, and you started at the beginning of time...
you would have expended 13 billion years of processing by the time you got back to today, and you would still have to repeat that entire process...
468,481 times one after the other into our far far distant future before there was a good probability of breaking the certificate.
By that time, according to the Big Bang theory, the universe will have either recontracted into a singularity or...
expanded and faded away into darkness. Leading to the proposition...
More to come in the finale, There Can Be Only One.
Paradigm Shift? Digital Currency 16 - There Can Be Only One
Paradigm Shift? Digital Currency - Index
To provision this service would require the three elements outlined in our last episode: Public Key Cryptography, a PKI (Public Key Infrastructure) and a CA (Certificate Authority).
Some may ask, could you trust the technology circa 1995? Would there have been adequate security in the encryption available at the time?
To answer: One of the three requirements that all cryptographic systems must satisfy to be acceptable for general use in a automated information application or system:
3. the security of the cryptographic system must depend only on the secrecy of the keys and not the secrecy of the encryption or decryption transformations.
LDS certainly had the infrastructure and technology to keep the keys secret. But would 1024 bit encryption be adequate?
IMO, absolutely and 2048 bit is overkill, why? Twenty years ago 1024 bit keys were the new standard.
As of 2003, RSA Security claimed that 1024-bit RSA keys were equivalent in strength to 80-bit symmetric keys.
As of 2014, 2048 bit keys are the standard and all previous keys have been phased out.
It’s true that the use of 2048 bit certificates requires more processing power on both client and server.
As an alternative, many companies offer different encryption schemes with key sizes at a fraction of the number of bits RSA and DSA require.
These alternative methods offer stronger security with less server overhead and will help to reduce CPU cycles required for server cryptographic operations.
In 2007, Arjen Lenstra, a cryptology professor at the Ecole Polytechnique de Lausanne (EPFL) in Switzerland, led a distributed computation project...
involving hundreds of computers designed for the task, conducted over 11 months, and achieved the equivalent in difficulty of cracking a 700-bit RSA encryption key.
So as of 2007, 1024 bit transactions were still not at risk, yet. The experts at Information Security Stack Exchange estimate:
The current RSA factorization record is for a 768-bit integer (232 decimal digits), announced in December 2009.
It took four years and involved the smartest number theorists currently living on Earth, including Lenstra and Montgomery.
Its factorization, by a state-of-the-art distributed implementation, took around fifteen hundred CPU years which is two years of real time, on many hundreds of computers.
In fact, a typical user will not break a 1024-bit RSA key, not now and not in ten years either. There are about a dozen people on Earth who can, with any credibility, claim that it is conceivable, with a low but non-zero probability...
that they might be able to factor a single 1024-bit integer at some unspecified time before year 2020.
Putting this all into perspective: If you subscribe to the Big Bang Theory, the estimated age of the universe is a little over 13.75 billion years.
Digicert estimates, that standard desktop computing power would take 4,294,967,296 x 1.5 million years...
to break a DigiCert 2048-bit SSL certificate. Or, in other words, a little over 6.4 quadrillion years.
Therefore if you tried to break a DigiCert 2048-bit SSL certificate using a standard modern desktop computer, and you started at the beginning of time...
you would have expended 13 billion years of processing by the time you got back to today, and you would still have to repeat that entire process...
468,481 times one after the other into our far far distant future before there was a good probability of breaking the certificate.
By that time, according to the Big Bang theory, the universe will have either recontracted into a singularity or...
expanded and faded away into darkness. Leading to the proposition...
More to come in the finale, There Can Be Only One.
Paradigm Shift? Digital Currency 16 - There Can Be Only One
Paradigm Shift? Digital Currency - Index
Comments