Real Encryption: A Mathematical Case Study

We had a discussion in my Ethics class about encryption, and it really amused me to hear how many people think that maximum strength encryption doesn't matter and that our government has the technology to break (in a reasonable amount of time) any encryption scheme. I started thinking more about it, and I thought that I would do a little mathematical case study regarding basic cryptographic concepts, and show what "real encryption" means and the power people actually have.

First, something that everyone reading this must realize before I continue. I can write a Java code snippet in about a half-hour that can encrypt a text file that no government on this planet could decrypt in less than a hundred years. The idea that "big brother" is always around us, and has futuristic technology able to break all encryption schemes is completely false, and here is the proof.

Background Information

When your bank says that its online software uses 128-bit encryption, that means that it uses a 128 bit long password (or "key") to encode your information during transfer. 128 bits equals 16 characters (16 bytes, ASCII encoding), therefore 128-bit encryption uses a 16 character randomly-generated password. Each character in this password can use all 128 different ASCII characters, which includes all numbers, punctuation, spaces, and letters in the English alphabet (plus some additional characters). 1024-bit encryption is based on a 128 character long password (1024/8 = 128), and so on. Because we are using ASCII encoding, every single slot in the 128 character long password can have 128 different possibilities, so a password that is n characters long has 128 ^ n different combinations possible.

Hypothetical Situation

Imagine a 1,000,000 node cluster of 2.0 Ghz PCs, all clumped together for the sole purpose of brute-force hacking encrypted files. Now say the CIA is using the full computing power of this million-node cluster to go through every single permutation of your password in order to break your encryption scheme. This hypothetical situation will be used for the rest of this case study, so remember those numbers.

A 2 Ghz processor can perform 2 million operations per second (if you assume one operation per clock cycle, we are approximating this because I don't want to confuse anyone). We will assume that the CIA is using special software that can check through one full permutation to see if it works during every clock cycle (this is a huge if), so this means that every second, every node, is moving through 2,000,000 possible combinations and trying to match it against the cypher text. We have one million nodes, so every second, 2,000,000,000,000 (2 trillion permutations, or 2 x 10^12) are being tested to see if they work.

2,000,000,000,000 * 60 seconds * 60 minutes * 24 hours * 365 days = 6.3 x 10^19 possible permutation tries every year. That seems like a hell of a lot of different combinations of letters, but if you do the math, regular 128-bit encryption with a 16 character password has 128^16 different combinations. This equates out to 5.19 x 10^33 to be exact, which would take almost two years of brute-force hacking to crack.

Beyond 128-bit Encryption

In the first paragraph, I said that I could write an algorithm to do this, and I can. By using symmetric XOR encryption, one of the simplest encryption techniques, and a randomly-generated password of sufficient length (we'll work with 1024-bit encryption for this — 128 bytes, or 128 characters), we can use a little math to see just how long it will take to decrypt this home-made encryption.

By using Google, we can see that there are 5.28 x 10^269 different combinations with a 128 character password. By dividing that number by the million node number we found before, we see that it will take roughly 8 x 10^249 years before we can crack that encryption using the world's largest clustered computing structure, very fast computers, and with 100% uptime.

So here is the power you have: a 10-line code snippet you write can encrypt a data file so tightly, that it would take more years to decrypt it — with current technology — than have passed since the inception of the universe at the Big Bang. Now when you have something that you really need to be private, think of this post, and then get yo crypto on.

This Bunny 0wNz You

Roberto weighs 27lbs, is nearly 4ft long, and is headed for your house right now to dominate you and your family.

This Central Floridian rabbit hails from Holland (further referenced as "Killer Bunny Kingdom") and is of a special Continental Giant breed of angora fluff. Read more about him or see more bunnies!

Aristotle: On Longevity

One of the lesser known Aristotelian works is On Longevity and Shortness of Life, and I'm writing about it for my final Ancient Philosophy piece. If you haven't read Aristotle previously, his philosophy differs most directly from Plato in that Aristotle relies on his senses above all else. His philosophical works are generally observational in nature, and then work towards logical conclusions based on induction. This is generally opposite of other philosophers who do not believe you can trust your senses. Either way, Aristotle is considered one of the greatest philosophers of all time.

In On Longevity, Aristotle discusses his reasoning behind why some animals and plants die within a year of "birth", while others live to be 100 years old. He talks about the underlying oppositional elements inherent in all living things, and how this constant tug-o-war is what decreases our lifespan. I don't want to spoil it, so just check it out:

The fulltext of On Longevity as translated by G. R. T. Ross.

On Neglect

My final exam for the class Spatial Visualizations and Pattern Perception is in about a half-hour, and if only for my own edification, I want to write down a little bit about neglect so I can remember it more easily for the test. Here goes.

Neglect

The phenomenon known as neglect usually occurs after direct cranial damage, where unilateral right hemispheric lesions in the temporoparietal juncture render the perception of one half of the visual field unusable for the patient.

The contralesional visual field that would normally be processed in the ipsalesional hemisphere is absent, so the only visual input processed by the brain is in the ipsalesional visual field which corresponds to (in this case) the left hemisphere.

Persons who have right hemispheric lesions cannot process nor attend to objects in their contralesional visual field, so they view the world as right-sided. A person only has half a face. A flower only has petals on the right. A square is only made up of three lines (two of which do not intersect).

There is a theory that states a person with neglect can be made "normal" again by lesioning the contralesional hemisphere in order to even out the lesions. Somehow, after bilateral temporoparietal areas are lesioned, other areas of the visual pathway (be it V2, MT, etc.) will take over and all will be right. This theory has yet to be proven.

The test if over with and I probably got some sort of an A on it. All thanks to this post! Yeah!!!!

Googlewhack-a-mole

Waaaaaaaay back when I was a freshman in college (about two years ago), my friends and I discovered the greatest of all challenge-oriented websites... googlewhack.com.

You find two words that can be defined in the dictionary where by searching for these two words on google (without quotes, one space in between them) yields only one result. You have then found a Google Whack. Submit your two word combination to the googlewhack website, and you'll be added to their "Whack Stack"; forever immortalized with your name and area of the world.

Back when the site was still new (for me), I spent the better part of two days straight looking for ones, and ended up finding like 7 or so. They're all listed on the Whack Stack, however my very best (and most amusing one) ended up being: overachieving masturbator.

Its not a whack anymore (6 more pages were added to the Google results since I found it), but its my favorite. If you've never visited that site before, and you have an unusually large vocabulary chock-full of random scientific vernacular, you're about to become addicted!

Good luck!

Totally Random Crypto

In case anyone missed it, on BusinessWeek's website there was a very interesting article on the future of cryptography.

By harnessing the total randomness of sub-atomic particle movement (Brownian Motion) one can now generate truly truly truly random numbers of an infinitesimal size.

With numbers such as these, they can be entered into encryption algorithms for super high strength encryption.