Live Journal about blowfish

Can AES Encryption be Cracked?

Apart from social engineering, there are two ways to break an encryption key like AES: brute force and cryptanalysis. Find out here whether AES encryption can be cracked any time soon, along with the latest AES developments and recommendations from IT security evangelist Bruce Schneier.

Besides social engineering, there are two ways to break any encryption key: brute force and cryptanalysis. After the introduction, we look at why AES and similar encryption schemes are secure against brute-force attacks that use computing power to crack a key. Then you will find the latest developments from cryptanalytic studies of AES. If you are not familiar with encryption, we recommend reading Bright Hub’s articles What is AES Encryption? and Types of Encryption.

Brute Force

Mathematicians have discovered that any positive integer greater than one can be expressed as the product of its prime factors; the prime decomposition of the number 22, for instance, is 2 x 11. There are a number of algorithms for integer factorization, but the difficulty of finding the prime factors increases at least sub-exponentially with the size of the integer.

This essentially means that the prime decomposition of large numbers is computationally infeasible with traditional computers. As the strongest encryption algorithms in use today, such as Rijndael, which has become the Advanced Encryption Standard (AES), employ large integer factorization, AES is unbreakable – again with the premise of traditional computers in mind.

A quantum computer operating on qubits instead of bits offers polynomial speed for some computing problems, including integer factorization, so that, taking into account Cobham’s thesis, we know that traditional encryption algorithm keys can be feasibly computed. Therefore, when quantum computing gets out of the lab, ciphertext produced by traditional cryptography will no longer be secure.

Cryptanalysis

The Advanced Encryption Standard can be used with 256-bit keys, immune against Moore’s Law for the years to come. However, cryptanalysts studying the inner workings of an algorithm are constantly trying to find a weakness in encryption algorithms or to break them. Most “vulnerabilities” are of a rather theoretical nature, so there is nothing to worry about for an ordinary computer user: the subject is being watched and followed by the IT security community, which has been trying to crack publicly documented encryption schemes, including AES, for years.

Yet it was only recently that Bruce Schneier, the inventor of the AES competitors Twofish and Blowfish, stated “that the safety margin of AES is much less than previously believed [1].” Schneier demands that AES implement more rounds of Rijndael for any key length “and for new applications I suggest that people don’t use AES-256. AES-128 provides more than enough security margin for the foreseeable future


Archive Encryption Key Security Options

Your data is not encrypted with the security you’ve chosen; rather, the security method is used to protect the encryption key that encrypts your data. Think of a key that is locked inside a safe. Your security method (also known as the public key) is the information that unlocks the safe, which contains the key (also known as the private key) that unlocks your data. In other words, your public key protects your private key.

You have these options for securing your archive encryption key:

  • account password – default
  • private password – another password to use instead of account password
  • personal private key – a private key you create that replaces the default private key

Each of the encryption key security options offers increasingly greater security, and correspondingly greater risk for forgetting. In other words, using your account password to secure your data is the simplest method and the easiest for others to penetrate. Using a private password adds another layer of security, but it is another password to remember.

Once you have upgraded your encryption key option, you cannot downgrade to another option. This prevents someone from recovering your lost or stolen computer and using CrashPlan to downgrade your security.
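The "key locked inside a safe" model described above, as an added example (not CrashPlan's code or its actual algorithm): a random data key encrypts the archive, and a password-derived key only wraps that data key, so a password change re-wraps the key without re-encrypting the archive, and a forgotten password leaves the key unrecoverable. The function names, the PBKDF2 parameters and the XOR-plus-HMAC wrap are assumptions made so the example needs only the Python standard library; a production system would use a standard key-wrap construction.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor, not taken from the page


def _kek(password: str, salt: bytes) -> bytes:
    """Derive 64 bytes from the password: 32-byte pad + 32-byte MAC key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               ITERATIONS, dklen=64)


def wrap_key(data_key: bytes, password: str) -> bytes:
    """Lock a 32-byte data key in the 'safe': salt || masked key || tag."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per wrap, so the pad is never reused
    kek = _kek(password, salt)
    masked = bytes(a ^ b for a, b in zip(data_key, kek[:32]))
    tag = hmac.new(kek[32:], salt + masked, hashlib.sha256).digest()
    return salt + masked + tag


def unwrap_key(blob: bytes, password: str) -> bytes:
    """Open the safe; a wrong or forgotten password raises ValueError."""
    salt, masked, tag = blob[:16], blob[16:48], blob[48:]
    kek = _kek(password, salt)
    expected = hmac.new(kek[32:], salt + masked, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted blob")
    return bytes(a ^ b for a, b in zip(masked, kek[:32]))


def change_password(blob: bytes, old: str, new: str) -> bytes:
    """Re-wrap the same data key; the archive itself is not re-encrypted."""
    return wrap_key(unwrap_key(blob, old), new)


if __name__ == "__main__":
    data_key = os.urandom(32)  # constructed sample data key
    blob = wrap_key(data_key, "account-password")
    blob = change_password(blob, "account-password", "private-password")
    print(unwrap_key(blob, "private-password") == data_key)
```

Only the 80-byte wrapped blob depends on the password. Replacing the data key itself, as the personal private key option does, is a different operation, which is why data encrypted under the earlier key can no longer be restored.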

Securing Your Encryption Key with Your Account Password

Using your account password to secure your encryption is the simplest method to use, but the easiest for others to penetrate.

  • Default encryption key security option
  • Private key is stored on the server and on source computer
  • Public key uses your account password to protect your private key
  • Public key and private key are stored on the server for web restore
  • Public key is stored on the destination for guest restore
  • Admins can restore without password, allowing easy local fast restore

Securing Your Encryption Key with a Private Password

You can specify a private password, different from your account password, to secure your encryption key. Securing your encryption key with another password offers another level of security; however, you increase the risk to your archive because there is no way to retrieve the private password if you forget it.

  • Upgraded security
  • Private key is stored on and never leaves source computer
  • Public key uses a private-password to protect your private key
  • Public key is stored on the server for web restore and for new installations
  • Public key is stored on the destination for guest restore
  • Admins need private password to restore
  • Additional password to remember, risk not being able to restore if forgotten

Your Private Encryption Key

You can replace the default encryption key with a private key to encrypt your archive. This is the most secure option, but it requires the most user management because you must provide your private key every time you restore.

  • Highest upgraded security
  • Private key is stored on and never leaves source computer
  • Manage your own private key per computer, with each computer under this account theoretically using a different private key
  • Web restore, guest restore, new installations, remote restore, etc. require the private key
  • Admins need private key to restore
  • Additional information to keep track of, with increased risk of not being able to restore if lost

Generating Your Private Key

You can create your private key in several ways:

  • Enter a passphrase that returns a private key and then paste the key into the encryption key box
  • Allow CrashPlan to generate a private encryption key for you without entering any text (just click the Generate option)
  • Import an encryption key that has been saved to a text file (e.g. an SSH private key)

Importing and Exporting the Private Key

Once you’ve selected the method for generating your private key, you can use the Export option to export the key to a text file. Exporting the private key to a file makes it easier to locate the key in case you forget it. When you need to supply the private key on another computer to which you want to recover files, you can use the Import option to import the encryption key from the text file.

All data previously backed up and associated with the previous method’s encryption key is no longer available for restoring.