256 bit keys in context
AP in reporting on the encrypted Wikileaks files:
At the center of the drama was the posting last week of a massive 1.4 gigabyte mystery file named “Insurance” on the WikiLeaks website.
The “Insurance” file is encrypted, nearly impossible to open until WikiLeaks provides the passwords. But experts suggest that if anyone can crack it – it would be the National Security Agency. …
Legal questions aside, the encrypted file conjures visions of secret codebreakers hunched over their laptops, tearing open secret, protected files in seconds with a few keystrokes.
Reality is not that simple. It appears WikiLeaks used state-of-the-art software requiring a sophisticated electronic sequence of numbers, called a 256-bit key, to open them.
The main way to break such an encrypted file is by what’s called a “brute force attack,” which means trying every possible key, or password, said Herbert Lin, a senior computer science and cryptology expert at the National Research Council of the National Academy of Sciences.
Unlike a regular six- or eight-character password that most people use every day, a 256-bit key would equal a 40 to 50 character password, he said.
If it takes 0.1 nanosecond to test one possible key and you had 100 billion computers to test the possible number variations, “it would take this massive array of computers 10 to the 56th power seconds – the number 1, followed by 56 zeros” to plow through all the possibilities, said Lin.
How long is that?
“The age of the universe is 10 to the 17th power seconds,” explained Lin. “We will wait a long time for the US government or anyone else to decrypt that file by brute force.”
I may be wrong but I think the entire universe will have died by the time that file gets broken.