40-bit encryption refers to a (now broken) key size of forty bits, or five bytes, for symmetric encryption; this represents a relatively low level of security. A forty-bit key length corresponds to a total of 2^40 possible keys. Although this is a large number in human terms (about a trillion), it is possible to break this degree of encryption using a moderate amount of computing power in a brute-force attack, i.e., trying out each possible key in turn.
Description
A typical home computer in 2004 could brute-force a 40-bit key in a little under two weeks, testing a million keys per second; modern computers are able to achieve this much faster. Using free time on a large corporate network or a botnet would reduce the time in proportion to the number of computers available. With dedicated hardware, a 40-bit key can be broken in seconds. The Electronic Frontier Foundation's Deep Crack, built by a group of enthusiasts for US$250,000 in 1998, could break a 56-bit Data Encryption Standard (DES) key in days, and would be able to break 40-bit DES encryption in about two seconds.
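As an added worked example (not part of the original article), the following Python reproduces the brute-force arithmetic above: the 2^40 keyspace searched at the article's "million keys per second" rate, the linear speed-up from spreading the search across many machines, the 2^16 work-factor gap between 40-bit and 56-bit DES, and the inverse sizing question of how many key bits keep the expected attack time beyond a chosen horizon. Throughput and horizon values passed to the functions are assumptions, not figures from the article.

```python
"""Brute-force cost estimates for symmetric key sizes (added example)."""
import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(key_bits: int) -> int:
    """Number of possible keys for a key of the given length in bits."""
    return 1 << key_bits


def brute_force_seconds(key_bits: int, keys_per_second: float,
                        machines: int = 1, expected: bool = False) -> float:
    """Seconds to search the keyspace at the given per-machine rate.

    expected=True gives the average case (half the keyspace, since the right
    key is equally likely to sit anywhere in the search order); otherwise the
    worst case where every key is tried. Work divides evenly across machines.
    """
    keys = keyspace(key_bits)
    if expected:
        keys /= 2
    return keys / (keys_per_second * machines)


def min_key_bits(keys_per_second: float, horizon_seconds: float) -> int:
    """Smallest key length whose average-case search exceeds the horizon.

    Solves 2^(b-1) / rate >= horizon for the integer b: the defender's sizing
    question of how many bits push the expected attack time past the horizon.
    """
    return math.ceil(math.log2(keys_per_second * horizon_seconds) + 1)


def describe(seconds: float) -> str:
    """Render a duration in the unit the article uses: seconds, days or years."""
    if seconds < 2 * SECONDS_PER_DAY:
        return f"{seconds:,.1f} seconds"
    if seconds < 2 * SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:,.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.1f} years"


if __name__ == "__main__":
    home_2004 = 1e6  # article's figure: a million keys per second
    print("40-bit, one 2004 home PC:", describe(brute_force_seconds(40, home_2004)))
    print("40-bit, 1000 machines:", describe(brute_force_seconds(40, home_2004, machines=1000)))
    print("56-bit vs 40-bit work factor:", keyspace(56) // keyspace(40))
    print("bits for a 100-year margin at 1e6 keys/s:", min_key_bits(home_2004, 100 * SECONDS_PER_YEAR))
```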
40-bit encryption was common in software released before 1999, especially software based on the RC2 and RC4 algorithms, which had special "7-day" export review policies, when algorithms with larger key lengths could not legally be exported from the United States without a case-by-case license. "In the early 1990s ... As a general policy, the State Department allowed exports of commercial encryption with 40-bit keys, although some software with DES could be exported to U.S.-controlled subsidiaries and financial institutions." As a result, the "international" versions of web browsers were designed to have an effective key size of 40 bits when using Secure Sockets Layer to protect e-commerce. Similar limitations were imposed on other software packages, including early versions of Wired Equivalent Privacy. In 1992, IBM designed the CDMF algorithm to reduce the strength of 56-bit DES against brute-force attack to 40 bits, in order to create exportable DES implementations.
Obsolescence
All 40-bit and 56-bit encryption algorithms are obsolete, because they are vulnerable to brute-force attacks, and therefore cannot be regarded as secure. As a result, virtually all Web browsers now use 128-bit keys, which are considered strong. Most Web servers will not communicate with a client unless it has 128-bit encryption capability installed on it.
Public/private key pairs used in asymmetric encryption (public key cryptography), at least those based on prime factorization, must be much longer in order to be secure; see key size for more details. As a general rule, modern symmetric encryption algorithms such as AES use key lengths of 128, 192 and 256 bits.
See also
* 56-bit encryption
* Content Scramble System