Can the government crack the AES encryption?

128-bit encryption: no longer secure

Encryption strength is now usually measured in bits, for example 128-bit encryption. This means the length of the key. But this only describes some of the relevant facts, namely the maximum number of attempts that are necessary to guarantee to crack the key in the event of a brute force attack.

Other factors, however, are the computation time per attempt, which varies greatly depending on the algorithm, and above all cryptanalytical methods that actually reduce the length of the key.

A fundamental distinction must be made between two encryption methods - symmetrical and asymmetrical algorithms. Symmetric algorithms use the same key for encryption and decryption. This is not practical in many scenarios.

In e-mail traffic, for example, you would have to identify a key with each individual participant that you can use to exchange e-mails. This key should be agreed upon in a face-to-face meeting to ensure that no one else takes note of it. Under no circumstances should the key be exchanged by email. In addition, both participants have to rely on the fact that the key does not intentionally or accidentally fall into the hands of others.

Asymmetric methods use two keys, one for encryption and one for decryption. The former is called the public key, the latter the private key. The public key can be communicated to anyone. You simply ask your communication partner to encrypt every message with this key. The message can be decrypted again with the private key, which is not shared with anyone.

So much for the theory. In practice, asymmetric methods, such as RSA, require at least a thousand times as much computing time as equivalent symmetric methods, such as AES.

Computing time is an important issue when it comes to encryption. Let us assume that an algorithm consumes one percent of the CPU's computing time. Of course, that's not a lot, at least when viewed from a client that, for example, accesses a website via HTTPS. A server with the same computing power that serves 100 clients simultaneously, however, requires 100 percent of its CPU power only for encryption.

In a connection like HTTPS it is not possible with the current state of technology to encrypt all data asymmetrically. Every web server would be overloaded immediately. One therefore uses a trick. When establishing a connection, the computers only use asymmetric encryption to exchange the key of a symmetric algorithm that is generated with a random generator. This key is valid for the duration of the connection. The actual user data is encrypted using a symmetrical process.

For this two-stage model there are standardized protocols that negotiate the encryption algorithms and regulate the exchange of the symmetrical key. The best known protocol is SSL, which is now officially called TLS. Most of the time, however, the term SSL is still used.

So SSL is by no means an encryption algorithm. That is only being negotiated. RSA, DSA or Diffie-Hellmann are mostly used as asymmetric algorithms today. With the symmetrical one uses RC4, Triple-DES, AES or Camellia. RC2, IDEA and DES are no longer used for security reasons.