A computerized cryptographic key is a digital string of bits of a certain length, and this is used by encryption or decryption algorithms to turn plaintext into scrambled data, or encrypted data.
Public Key Cryptographic Keys
The following is from "Homeland Insecurity," by Charles C. Mann, which appeared in The Atlantic Monthly, September 2002.
To use RSA encryption, Alice first secretly chooses two prime numbers, p and q, each more than a hundred digits long. This is easier than it may sound: there are an infinite supply of prime numbers. Last year a Canadian college student found the biggest known prime: 2 13466917 -1. It has 4,053,946 digits; typed without commas in standard 12-point type, the number would be more than ten miles long. Fortunately Alice doesn't need one nearly that big. She runs a program that randomly selects two prime numbers for her and then she multiplies them by each other, producing p x q, a still bigger number that is, naturally, not prime. This is Alice's "public key." (In fact, creating the key is more complicated than I suggest here, but not wildly so.)
As the name suggests, public keys are not secret; indeed, the Alices of this world often post them on the Internet or attach them to the bottom of their e-mail. When Bob wants to send Alice a secret message, he first converts the text of the message into a number. Perhaps, as before, he transforms "attack" into "5 100 100 5 15 55." Then he obtains Alice's public key -- that is, p x q -- by looking it up on a Web site or copying it from her e-mail. (Note here that Bob does not use his key to send Alice a message, as in regular encryption. Instead, he uses Alice's key.) Having found Alice's public key, he plugs it into a special algorithm invented by Rivest, Shamir, and Adleman to encrypt the message.
At this point the three mathematicians' cleverness becomes evident. Bob knows the product p x q, because Alice has displayed it on her Web site. But he almost certainly does not know p and q themselves, because they are its only factors, and factoring large numbers is effectively impossible. Yet the algorithm is constructed in such a way that to decipher the message the recipient must know both p and q individually . Because only Alice knows p and q, Bob can send secret messages to Alice without ever having to swap keys. Anyone else who wants to read the message will somehow have to factor p x q. How hard is that? Even if a team of demented government agents spent a trillion dollars on custom computers that do nothing but try random numbers, the Sun would likely go nova before they succeeded. (Rivest, Shamir, and Adleman patented their algorithm and to market it created a company, RSA Data Security, in 1983.) (Webmaster note: In 2003, Rivest, Shamir and Adleman won the Turing Award, the computing field's equivalent of the Nobel Prize, for their work.)
Security and Key Length
The relative security of a key is typically expressed in its bit length, or the number of digital bits used to represent the key, which then implies the possible key combinations, only one of which can be used to decrypt encoded information.
Key Size |
Possible Key Combinations | ||
| 2-bit | 2^2 | 2x2 | = 4 |
| 3-bit | 2^3 | 2x2x2 | = 8 |
| 4-bit | 2^4 | 2x2x2x2 | = 16 |
| 5-bit | 2^5 | 2x2x2x2x2 | = 32 |
| 6-bit | 2^6 | 2x2x2x2x2x2 | = 64 |
| 7-bit | 2^7 | 2x2x2x2x2x2x2 | = 128 |
| 8-bit | 2^8 | 2x2x2x2x2x2x2x2 | = 256 |
| 9-bit | 2^9 | 2x2x2x2x2x2x2x2x2 | = 512 |
| 10-bit | 2^10 | 2x2x2x2x2x2x2x2x2x2 | = 1024 |
| 11-bit | 2^11 | 2x2x2x2x2x2x2x2x2x2... | = 2048 |
| 12-bit | 2^12 | 2x2x2x2x2x2x2x2x2x2... | = 4096 |
| 16-bit | 2^16 | 2x2x2x2x2x2x2x2x2x2... | = 65536 |
| 24-bit | 2^24 | 2x2x2x2x2x2x2x2x2x2... | = 16.7 million |
| 30-bit | 2^30 | 2x2x2x2x2x2x2x2x2x2... | = 1 billion (1,073,741,800) |
| 40-bit | 2^40 | 2x2x2x2x2x2x2x2x2x2... | = 1 trillion (1,097,728,000,000) |
| 56-bit | 2^56 | 2x2x2x2x2x2x2x2x2x2.... | = 72 thousand quadrillion (71,892,000,000,000,000) |
| 128-bit | 2^128 | 2 multiplied
by 2 128 times over. |
= 339,000,000,000,000,000,000,000,000,000,000,000 (give or take a couple trillion...) |
These days, 56-bit keys and 128-bit keys are the most commonly key-bit lengths used in routine encryption algorithms. At current levels of computing power, it would take significantly longer than the estimated life of the universe to crack -- or factor by trying all combinations -- a 128-bit key. Even if computing power doubles every year, in 20 years it will still take a computer six thousand trillion years to break a 128-bit key, and upgrading to 129 bits will double that time.
© The 21st Century Project, 2003-2008, All Rights Reserved