Resist Brute Force Attacks


Length of Encryption Keys:

A little trip down memory lane: In a meeting at the National Security Agency headquarters in November 2004, NIST representative Bill Burr told me that the chances of finding an advocate of short (forty bit) keys in the Administration were about the same as finding Nazis in Germany in 1947. That's an oblique way of saying nobody will admit to it. But very short encryption keys were the order of the day for many years.


What's that all about? It's that longer encryption keys make it more difficult for hackers to try every possible key in what is called a brute force attack. The current status: The Bureau of Industry and Security through its Export Administration Regulations still controls the export of symmetric keys that are longer than 64 bits. (Symmetric means that the person encrypting and the person decrypting both need to use the same key.)


What is the Bureau of Industry and Security telling us? That the easiest way to defeat brute force attacks is to use longer keys.


Okay, our Extreme Encryption technology uses much longer keys. Extreme Encryption is not for export. You will see under the Social Responsibility goal that Extreme Encryption is not for sale to anyone other than the United States government and organizations either sponsored by a government agency or contractually serving government needs. The purpose is simple: to keep state-sponsored hackers in China from stealing our technology and government secrets. Like it or not, we are engaged in cyber-warfare.


Count of Encryption Keys:

In its current release, Extreme Encryption has more unique keys than there are particles in the universe. Suppose one billion computers each tried one billion unique keys per second. The odds are that a hacker so equipped isn't going to break even one document within the lifetime of the universe, let alone the lifetime of the hacker.


In summary: Brute force attack on Extreme Encryption? Forget about it. It is "computationally infeasible".


"Good Enough" Encryption:

The various levels of Marpx Privacy™ are scaled-down variations of Extreme Encryption.


Marpx Privacy™ Level Two has only ten million unique keys -- the numbers 0000000 through 9999999. Marpx Privacy™ Level Three has many more unique keys, 78.3 billion altogether. Both products are vulnerable to brute force attacks. The question is how much your information (files or messages) is worth to a person who might be interested. You can be pretty sure that app developers aren't going to try up to ten million keys in order to read just one of your emails. See "Tech’s 'Dirty Secret': The App Developers Sifting Through Your Gmail" by Douglas MacMillan in the Wall Street Journal, July 2, 2018. If the data is your firm's strategic plans for the next five years, no competitor will have the resources or the willingness to try up to 78 billion keys.


In other words, we have presented products that are scaled to the likelihood of someone valuing your information highly enough to spend heavily enough to decrypt it -- especially if you use a different key for each file and message. Your data may be interesting. But it's surely not that interesting!
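To put the key counts above on a common scale, the following added example (not part of the original page or of any Marpx product) converts each keyspace to an equivalent key length in bits and to an exhaustive-search time. The 10^18 keys/s rate is the page's own billion-computers scenario; the single-host rate of one million keys per second and the 13.8-billion-year horizon are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Key counts stated on the page, plus the 40- and 64-bit lengths it mentions.
KEYSPACES = {
    "Level Two": 10**7,
    "Level Three": 78_300_000_000,
    "40-bit": 2**40,
    "64-bit": 2**64,
}
PAGE_RATE = 10**9 * 10**9   # page's scenario: 1e9 computers x 1e9 keys/s each
SINGLE_HOST_RATE = 10**6    # assumption: one machine testing 1e6 keys/s

def equivalent_bits(keys):
    """Key length in bits that gives the same number of keys."""
    return math.log2(keys)

def worst_case_seconds(keys, rate):
    """Time to try every key once at `rate` keys per second."""
    return keys / rate

def expected_seconds(keys, rate):
    """Average time: a uniformly random key turns up after about half the space."""
    return keys / (2 * rate)

def min_bits(rate, years):
    """Smallest key length whose expected search time is at least `years`."""
    return math.ceil(math.log2(2 * rate * years * SECONDS_PER_YEAR))

def humanize(seconds):
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"

if __name__ == "__main__":
    for name, keys in KEYSPACES.items():
        print(f"{name:12} ~{equivalent_bits(keys):5.1f} bits | "
              f"single host: {humanize(worst_case_seconds(keys, SINGLE_HOST_RATE)):>14} | "
              f"page scenario: {humanize(worst_case_seconds(keys, PAGE_RATE))}")
    # Assumption: 13.8e9 years stands in for "the lifetime of the universe".
    print("bits needed vs page scenario:", min_bits(PAGE_RATE, 13.8e9))
```

The per-key trial rate depends on how expensive each decryption attempt is, so substitute a measured rate for the assumed one when assessing a real deployment.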

