Encryption

I really don't know muchy about this subject (I mean, I've read a book or two on it, but nothing much.)

So I have one or two questions:

1. In an encryption key, how many characters are there to a bit? I generally assumed it was one character to a bit = e.g. 128-bit encryption uses a 128-bit string of characters.
But then, when I was encrypting a wireless router for relatives - I had the option of either using 13 ASCII characters or 26 hexidecimals for 128-bit encryption. Since 13 and/or 26 don't go into 128, how does that work??

2. What is the limit on encryption keys? Can they be written as far as you want to go, and if so - is there any software that goes up like above 512-bit security?

3. How easy is encryption to crack? I heard that it takes an entire week for a hacker to break into an 128-bit encrypted wireless connection, but is this any quicker? I have absolutely no idea on how any of this stuff works.

4. How easy is it to write your own software, and do many people do it? (Since it gives them flexibility, added security and the ability to encrypt as high up as they want.)

Thanks in advance I'm sorry if they weren't very sensible questions, but I know NOTHING about encryption basically, apart from the basics on what it does.

I'm not planning to encrypt anything in particular, I'd just like to know a bit more about this stuff, since I might be helping more people keep their home network/pc systems secure.

1) Generally a "charachter" is considered to be 8 bits. However, this is not hard and fast, since there are different ways to represent them. ASCII used 7 bits initially, then expanded to 8 bits by including some extra graphical charachters. Unicode uses 16 bits to represent each characther IIRC, and there are other forms still.

The reason that 128 dosen't evenly divide into 13 chars (or 26 hex number [each hex number is 4 bits]) is because the key isn't really 128 bits in length. It's actually 104 bits for some reason (13 chars * 8 bits/char = 104)... Googling came up with a site giving the following quote:

The WEP static network key is similar to IP Security's (IPSec's) preshared key—it's a shared secret between two wireless devices that want to communicate with each other (e.g., wireless client to AP). WEP uses a network key, 40 or 104 bits in length, for authentication and data encryption. Confusing matters, vendors might specify a 40-bit key as 64 bits in length or a 104-bit key as 128 bits. In each set, the systems are the same; the actual key lengths are 40 bits and 104 bits, respectively. The remaining 24 bits are for an initialization parameter that isn't user configurable.

Click to expand...

2) Technically, the only limit is the computer generating the keys (in the case of encryption using public and private keys), or the insanity of the user / time on his hands to type in the keys (in the case of encryption using pre-shared keys [like WEP]). There is file encryption software out there that uses 2048 and even 4096 bit keys IIRC.


3) Assuming that the only way that you could crack an encryption is with brute force (which isn't true, especially for WEP [which has a small problem causing it to make "weak" packets IIRC]), then cracking time doubles with each bit added to the key. If a 128-bit key could be brute forced in a week, a 129-bit key would take two; a 130-bit four, and a 131-bit eight weeks.

Normally, a 128-bit key would probably take longer than a week to crack, but because the problem with WEP, it's possible to gather enough of these weak packets and basically reverse-engineer the key from them.


4) After having to write one myself for programming class, I'd have to say the hardest part of writing a program which does RSA encryption (the kind I had to do) is understanding the math behind it's operation. The math can be difficult to wrap your brain around without somebody who knows what they're talking about explaining, but once you understand it, the program is fairly simple to write and implement. I don't think my (Java) program came anywhere close to breaking 1000 lines...

JigPu

Thanks very much for all your help

Except... one more question:

3) Assuming that the only way that you could crack an encryption is with brute force (which isn't true, especially for WEP [which has a small problem causing it to make "weak" packets IIRC]), then cracking time doubles with each bit added to the key. If a 128-bit key could be brute forced in a week, a 129-bit key would take two; a 130-bit four, and a 131-bit eight weeks.

Click to expand...

So then - a 64-bit encrypted WEP would last mere seconds against a brute force attack, and a 256-bit would last for decades. Is that right? I heard that a 64-bit encrypted WEP takes several hours to break, but how can that be right? If it doubles with every bit, then 64-bit encryption would have to be very quick to break or else 128-bit would come out as a lot higher than a week.

Terminat. said:

Thanks very much for all your help

Except... one more question:

So then - a 64-bit encrypted WEP would last mere seconds against a brute force attack, and a 256-bit would last for decades. Is that right? I heard that a 64-bit encrypted WEP takes several hours to break, but how can that be right? If it doubles with every bit, then 64-bit encryption would have to be very quick to break or else 128-bit would come out as a lot higher than a week.

Click to expand...

Doh, I just wrote out a nice long paragraph on how i thought wep was insecure and found out i was wrong, so here's a link that explains it pretty well:

http://www.wi-fiplanet.com/tutorials/article.php/1368661

but to quickly answer your question, the length of time to "crack" wep is only a few seconds once you have enough information, the length of time required to learn enough to start cracking is dependate on the bit length (64 or 128), and the amount of data being passed, with 128 you need a signifigate more amount of data in order to crack.

Other encryption standards like RC5/RC5/AES/DES has no mathamatical flaw where there's a short cut other then brute forcing.