display | more...

Any effective cryptographic system that cannot be broken by the best computer technology available today and in the foreseeable future, i.e. any ciphertext that is safe from the prying eyes of the National Security Agency. As of 2001, strong cryptography would mean a block cipher with a key length of 128 bits or more and an RSA or ElGamal modulus of 1024 bits or more. Oppose kid sister encryption.

For a very long time strong cryptography was considered dangerous munitions by the US Government, meaning export of programs that used strong cryptography was restricted by the ITAR rules. If you sold strong crypto to foreign nationals without an export license you would be considered an illegal arms dealer, and be dealt with as though you had sold a nuclear device to a group of terrorists. However there have been recent court rulings (thanks to Dan Bernstein) that served to relax these restrictions, but it seems that the events of September 11, 2001 are going to undo all of that.

To be seriously considered "strong", any cryptographic method has to fulfill two requirments:
  • The algorithm must guarantee an exponential relation between key size and the computational effort for decoding the message without the key. There must be no back doors in the algorithm itself.
  • The key size that is used must be large enough to ensure that (through the above-mentioned exponential relation) decoding without the key takes so long that it is infeasible on even the most advanced hardware, now and in the foreseeable future.
For example, DES cannot be considered strong cryptography anymore because it uses a fixed, relatively small key size which eventually made it impossible to fulfill the second requirement.

Note that I have not used the expression brute force, since the fastest algorithms for e.g. prime factoring (which is necessary for cracking RSA) are quite sophisticated and achieve far better results than the "brute" try all keys method that has to be used on the likes of RSA and IDEA.

However, the first requirement is still fulfilled since the relation is still exponential (though the base is smaller). Something that has to be considered when deciding whether a cryptographic method fulfills the first requirement is how vulnerable to differential cryptanalysis it is.

Log in or register to write something here or to contact authors.