RC5-64 bit key's strength questioned

Distributed.net's successful attack on RC5-64 bit encryption code has cast a shadow of doubt across the effectiveness of 64-bit keys for securing sensitive data.

In response to the consortium's announcement recently that it had cracked RSA Security's RC5-64-bit encryption key, many industry experts are now claiming 64-bit keys are not suitable for long-term data security.

Breaking the RC5-64 bit key was part of RSA Laboratories' Secret-Key Challenge, a competition established in 1997 and designed to test the strength of symmetric encryption algorithms such as DES and RC5 using various key sizes.

Competition winner, the distributed.net consortium, took 1700 days and 331,252 volunteers to find the correct RC5-64 bit key using a "brute force" attack. The technique involved going through every possible key to decrypt the code. In total, nearly 16 billion billion keys were tried using the idle time of computers throughout the world - or approximately 80 per cent of the encryption's keyspace -- before the correct key was found.

Distributed.net co-founder and president David McNett said this result calls into question the utility of 64-bit keylengths for any secret that will remain sensitive over more than a few years.

"We've demonstrated that a collection of amateurs working in their spare time can decrypt RC5-64 in a timeframe measured in years.

"Granted, 1700 days is a long time, but the secret formula for Coca-Cola has been secret for much, much longer," he said.

Macquarie University Professor Josef Pieprzyk, chair of the university's computing department, agrees that while there is no immediate worry, distributed.net's successful attack "illustrates yet again that 64-bit keys are too short".

Pieprzyk added the exhaustive brute force attack did not take into account any potential structural, statistical or algebraic weakness within the cipher.

RC5, which was developed by RSA Security in 1994, is a symmetrical algorithm with a variable block size, a variable key size, and a variable number of rounds. The encryption algorithm converts plain text into ciphered, or encrypted code, which can then be reverse engineered through the use of a cipher key. Cipher keys are available from 48-bit to 2048-bit sizes.

RSA's RC5 encryption is found across a variety of technologies and products, including mobile phones, PlayStation consoles, Sun's Solaris operating system as well as desktop PCs. The secret key used to decrypt any given message is selected at random by RSA Laboratories.

In comparison to other encryption methods such as Data Encryption Standard (DES), RC5 is a much sturdier and stronger algorithm, McNett said.

"DES has been deprecated for quite some time now," he said. "Being limited to only a 56-bit keylength and being relatively simple mathematically it is no longer deemed sufficient for any data encryption demands. In 1998, on much slower machines, distributed.net was able to decrypt a DES-encrypted message in under 24 hours."

At distributed.net's peak computer processing power, more than 27 billion 64-bit keys were tried each second. According to the consortium, this represents nearly 46,000, 2GHz AMD Athlon XP machines.

Pieprzyk said although it has taken an immense amount of computer power to crack the code this time around, the same may not be said five to 10 years from now. While confident that encryption remains the best method of securing sensitive information, Pieprzyk suggested that if companies want to secure data for this time frame, they should apply cipher with longer keys of either 80, 128 or 256 bits.

Establishing the costs of the equipment used in the distributed.net attack at around $130 million, Pieprzyk says cracking a 64-bit key now, using this method, is out of reach for the "normal" person. With costs of computing equipment continuing to fall however, such an attack could become feasible, he said.

But despite the growing industry concern about RC5-64, RSA Security senior technical consultant Lee Hickin says the results of the challenge in fact illustrate the strength and security of the RC5 algorithm, rather than its weaknesses.

"This challenge has proven there are no flaws in [the algorithm]," he said.

"All this proves is that if you throw enough monkeys at it, you'll eventually find the 64-bit key. This is not a crack on the RC5 algorithm."

Hickin said the 64-bit key has 10 million trillion possible keys to open it. The next step up, 72 bit encryption, has 256 times the amount of key possibilities as a 64-bit key, he said. At the same rate and computer power as that used by distributed.net to crack the 64-bit key, "it would take a millennia to crack".

"From a practical point of view, if it takes four years to crack a key, this has no impact on the validity of the encryption method," he said.

Asked whether cracking the 64-bit key would become a trivial issue down the track once computing power had increased, Hickin said the encryption algorithms used by then will also become much more complicated.

In the meantime however, McNett says it is important for IT managers and security professionals to not only weigh the sensitivity of the data, but also its timeliness. The likelihood of the everyday hacker gaining access to RC5-64 bit encrypted data later down the track is a realistic enough scenario to warrant concern, he said.


Copyright © 2002 IDG Communications, Inc.

Download: EMM vendor comparison chart 2019
Shop Tech Products at Amazon