System encryption LUKS: What's the strongest and most secure key size?
I'm reading an article on the Arch Linux wiki about system encryption, in an example the author specified a 512 bit key. From what I read on Wikipedia regarding encryption ciphers it doesn't seem to be secure enough. That leads me to the question: what's the strongest possible key size?
Solution 1:
I don't have enough reputation to comment on the above answers concerning RSA, but they're both wrong in the context of the question asked, so for all people who happen to read this question in the future:
LUKS uses symmetric ciphers (encryption and decryption use the same key). RSA is an asymmetric cryptosystem, which uses a key to encrypt and another to decrypt. To make this possible, it uses a neat piece of mathematics. Its security is based on the difficulty of factoring large numbers. This is why the key size for RSA must be thousands of bits (otherwise the numbers involved are not large enough and can be factored in acceptable time given an attacker with enough resources).
Symmetric cryptosystems like LUKS do not need the same large key sizes because the keys are not tied to a number that can be factored to break the encryption. Therefore they are considered safe with much lower key sizes. Currently 128 bits are considered safe. AES, the standard algorithm for symmetric crypto, also supports 256 bits in case you're paranoid.
It would take 2n tries to exhaustively search the keyspace of a symmetric cipher, where n
is the length of the key in bits.
To give you an idea of the scales involved: If you had 10 million computers who could each test 10 million keys per second, it would still take several thousand times the current age of the universe to search all of the keys for a key size of 128 bits.
This means you're safe from a brute-force attack, no matter who the attacker is. Brute-forcing a symmetric key is not the way to go. Even attacking weaknesses in the cipher is difficult when you use high-quality ciphers like AES, etc, although the NSA might have some insights that the rest of the world doesn't have. But frankly it is way easier to hit you over the head with a large stick until you give up the passphrase.
Solution 2:
There isn't any strongest possible key
.
For each key of length n
you can always add one bit to make it stronger.
Solution 3:
RSA itself contains weaknesses, as see RSA Algorithm section "Weaknesses in RSA", as well as Cracking RSA and RSA: Hacking and Cracking.
That said, and if the method being used to crack your encryption is only brute force, then the strongest possible key size is the one that will require more computing power than is available to the hacker that is trying to decrypt your messages, or more time than he is willing to spend.
Recently, a 200-long RSA key was factored in 50 years of computer time, and 307-long in 100 years of computer time. I suppose even 128-bit will still take a few years of computer time.
1024 bits might be proof against most crime-rings, but so are probably 512-bits and even 128-bit. 1024 bits is surer, but do you expect an agency with the computing-power of the US National Security Agency to be used against you ?
If all you are trying to protect yourself against is the neighborhood script-kiddo, then 128 bits are enough. If you are trying to protect your bank transactions, then no hacker wastes his time trying to decrypt RSA, but rather will try to trick you into installing his trojan.
Solution 4:
As part of a starting point, measuring performance of encryption types on the system you plan to use may aid in a feasible decision.
cryptsetup benchmark