Encryption is conceptually fairly simple. Most people played some variant of a code game as children (a becomes b, b becomes c, etc…) whereby:

Meet me by the station
becomes:
Nffu nf cz uif tubujpo

Although you would never choose an encryption technique like this to protect your bank details, it does demonstrate the concept of how hard it is to break the encryption.

Keys and key strength

In the kiddy encryption algorithm example above, the algorithm can be described as "each letter is transformed to the letter one after it in the alphabet". There are 26 obvious variants of this:
letter is transformed to the letter 1 after it in the alphabet
letter is transformed to the letter 2 after it in the alphabet
letter is transformed to the letter 3 after it in the alphabet
letter is transformed to the letter 4 after it in the alphabet
And so on.

Generally it is good practice to assume that an attacker knows everything about the algorithm that the authors do, except for what we call the "key". In this case, the key is how many letters further in the alphabet we move for each letter.

The advantage of this model is that we can say that the number of possible different choices of the key somehow relates to how good the cipher is. In this case, the attacker has to try at most 26 different keys until he/she can read the message.

Real cryptographic algorithms allow for far more than 26 unique keys. In general the base-2 logarithm of the number of different keys is usually quoted. So 26 unique keys is roughly a key strength of 5 bits (2*2*2*2*2 being the smallest power of 2 that covers all 26 keys). In comparison, real cryptographic keys tend to be over 64 bits in strength (2^64 unique keys). A quick table indicates:

5 bits -- 32 unique keys
32 bits -- 4294967296 unique keys
64 bits -- 18446744073709551616 unique keys
128 bits -- 34028236692093846346337460743177000000 unique keys
256 bits -- 11579208923731619542357098500869000000000000000000000000000000000000000000000 unique keys

Obviously, it rapidly becomes difficult to try out all keys. For a rough guide, trying out all keys for a 32 bit algorithm will probably take about 2 hours on standard hardware. It is generally considered that 128 bit keys are not feasible to break in the lifetime of the universe (using standard hardware).

In Citrix Access Essentials we rely on SSL encryption algorithms to protect your data. Typically we use the 3DES encryption algorithm, which has a key length of 168 bits. This algorithm was chosen as it is a standard that has undergone substantial analysis by cryptographers. The exciting abbreviation expands to the rather mundane "Triple Data Encryption Standard".

Breaking Cryptography

A weakness in an algorithm is a short cut that means not all unique keys need to be checked. For example, if it can be deduced that in an algorithm using a 32-bit key, the actual key used is even, then the number of unique keys to search decreases from 4294967296 to 2147483648. Effectively, the key strength is only 31-bit.

There are a number of serious weaknesses in our kiddy algorithm. We know that the letter "e" is extremely common in the English language. This means that we can take a good guess that the most common letter in "Nffu nf cz uif tubujpo" represents "e". A quick examination indicates that "f" is the most common letter.

Furthermore, if we know that the letter e maps onto the letter f, we can quickly deduce that the key is 1. Thus, we have broken the system by avoiding the need to check all 26 keys.
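
The shortcut described above, written out as an added example (it is not part of the original article; the function names and the tiny word list are assumptions made for illustration). It derives candidate keys from letter frequency and tries those before falling back to the remaining keys. In a message this short "f" ties with "u" for most common letter, so the guess gives two candidate keys to try instead of 26.

```python
from collections import Counter

def shift(text, key):
    """Move each ASCII letter `key` places along the alphabet; keep case, spaces, punctuation."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def candidate_keys(ciphertext, assumed_plain="e"):
    """Keys implied by assuming the most frequent ciphertext letter stands for 'e'.
    Every letter tied for first place yields a candidate."""
    counts = Counter(c for c in ciphertext.lower() if c.isascii() and c.isalpha())
    if not counts:
        return []
    top = max(counts.values())
    return sorted((ord(c) - ord(assumed_plain)) % 26 for c, n in counts.items() if n == top)

# Constructed, deliberately tiny word list used to recognise readable English.
COMMON_WORDS = {"the", "me", "by", "at", "to", "and", "of"}

def recover_key(ciphertext):
    """Try the frequency-derived keys first, then the rest of the 26.
    Returns (key, plaintext, keys_tried), or None if nothing looks like English."""
    ordered = candidate_keys(ciphertext)
    ordered += [k for k in range(26) if k not in ordered]
    for tries, key in enumerate(ordered, start=1):
        plain = shift(ciphertext, -key)
        if COMMON_WORDS & set(plain.lower().split()):
            return key, plain, tries
    return None

if __name__ == "__main__":
    secret = shift("Meet me by the station", 1)  # the article's message, key = 1
    print(secret)
    print(candidate_keys(secret))
    print(recover_key(secret))
```

When the most common letter does not stand for "e", the frequency guess fails and `recover_key` falls back to checking the other keys in order, which is the full 26-key search the article describes.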

Real cryptographic algorithms also have occasional weaknesses, but so far both 3DES and AES have proven themselves to be fairly resilient to attack.