Thursday, March 02, 2006

What ciphers will be broken 30 years from now?

About 10 years ago, as a very green and ignorant student, I wrote a paper on security in which I imagined that with sufficiently strong encryption there'd be, in theory, no need to secure an encrypted document. Millions of copies would be merely redundant backups.

I think the encryption standard in use then was 40-bit DES or the equivalent (I may have the names wrong). That would be trivially cracked today.

I thought of that when I read this story on cracking old German ciphers:
BBC News: Online amateurs crack Nazi codes

Three German ciphers unsolved since World War II are finally being cracked, helped by thousands of home computers.

The codes resisted the best efforts of the celebrated Allied cryptographers based at Bletchley Park during the war.

Now one has been solved by running code-breaking software on a "grid" of internet-linked home computers.

The complex ciphers were encoded in 1942 by a new version of the German Enigma machine, and led to regular hits on Allied vessels by German U-boats.

Allied experts initially failed to deal with the German adoption in 1942 of a complex new cipher system, brought in at the same time as a newly upgraded Enigma machine.

The advancement in German encryption techniques led to significant Allied losses in the North Atlantic throughout 1942....

[Krah] ... wrote a code-breaking program and publicised his project on internet newsgroups, attracting the interest of about 45 users, who all allowed their machines to be used for the project.

There are now some 2,500 separate terminals contributing to the project, Mr Krah said.

... in little over a month an apparently random combination of letters had been decoded into a real wartime communication.

... Stefan Krah's computerised codebreaking software uses a combination of "brute force" and algorithmic attempts to get at the truth.

Today's best ciphers will likely meet the same fate as Enigma, sometime in the next 10-30 years. Presumably there are people now collecting as much encrypted network traffic as possible, with the intent of storing it until the codes can be cracked ...
