# Needle in a Haystack .. 128bit Encryption



## cerulean (Jan 24, 2012)

Lately I have been interested in encryption, secure storage, etc and was attempting to grasp how large of a key space 128bit really is. I decided to use very fine sand (as defined by Wikipedia as being 1/16mm diameter) and see how much sand is 2^128 grains.

So I know 2^128 ~ 3.402 * 10^38

And assuming we are translating a 1/16mm diameter grain of sand into a sphere (probably not quite right, but should be sufficient for a volume measurement) ends up translating to ~8000 grains of sand per cubic mm.

There are 10^18 cubic mm in a cubic km  and the Earth's volume is  1.08321Ã—10^12 km3 (again, according to Wikipedia).

So (8000 grains per mm3) * 10^18 mm3 / km3 * 1.08321 x 10^12km3/earth = 8.6656 x 10^33 grains of sand / Earth (we are talking completely filled!)

3.402 * 10^38 (size of 128bit key) / 8.6656 x 10^33 grains per Earth = 39,267 earths.

Is that correct? A 128bit key space if converted into one key per one fine grain of sand would fill up 39,267 Earths?

Anyways, just my way of attempting to visualize the daunting task of a brute force attack against a AES-128 key ... Definitely interested in input if I messed up the math somewhere!


----------



## fonz (Jan 24, 2012)

cerulean said:
			
		

> and was attempting to grasp how large of a key space 128bit really is.[snip]
> Is that correct? A 128bit key space if converted into one key per one fine grain of sand would fill up 39,267 Earths?
> [snip]
> Anyways, just my way of attempting to visualize the daunting task of a brute force attack against a AES-128 key ... Definitely interested in input if I messed up the math somewhere!


A quick check doesn't reveal any _major_ errors. It's still a rough estimate of course, but I'd say you're in the ballpark. It just goes to show how fast exponential growth really is.

Fonz


----------



## kpa (Jan 24, 2012)

http://www.codinghorror.com/blog/2006/07/brute-force-key-attacks-are-for-dummies.html

Basic brute forcing a 128 bit key is beyond science fiction, it will never happen. However the ciphers used may have weaknesses that can exploited to "shrink" the key space that has to be combed (for example known attacks for AES:http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Known_attacks). Proving that a given cipher doesn't have any weaknesses is extremely hard, maybe impossible.


----------



## Crivens (Jan 24, 2012)

These numbers look good - and totally mind boggeling.

But I would not place any bet against a certain entity which is the world top employer of mathematicans and measures it's computing power in acres, not nodes.


----------



## fonz (Jan 24, 2012)

Crivens said:
			
		

> But I would not place any bet against a certain entity which is the world top employer of mathematicans and measures it's computing power in acres, not nodes.


Understandable, but I'm with kpa on this one. Sheer computing power isn't the biggest concern anymore (feel free to repeat cerulean's computation for 256-bit or larger keys!). It's mathematical ingenuity (cryptanalysis revealing weaknesses in the cypher, leading to faster-than-brute-force attacks) and perhaps the development of a practical, real-world quantum computer (if you think that will ever happen, which is an entirely different discussion) that you should probably be more worried about.

Fonz


----------



## Crivens (Jan 24, 2012)

Brute forcing a perfect crypto algo will give you 256^N (N being the length of the document in bytes) of seperate documents which will contain all possible legal documents of the same length. Doing that is out of range for anyone known today. But it is said that Bruce Schneir creates his papers by using appropriate amounts of random and then decrypting it.  But this is for perfect algorithms, something which is hard to prove. AES may not be perfect, but I deem it good enough for the next 5 years. But again, if this thing has a loophole, you can be sure of where the knowledge about it will be.

But on the other hand it only takes the 50 cent pice of lead pipe from the scrap yard to beat seven kinds of passphrase out of you. No need to spend 5 bucks. But let's not bend this thread into quantum, that is a completely different can of worms.


----------



## fonz (Jan 24, 2012)

Crivens said:
			
		

> But let's not bend this thread into quantum, that is a completely different can of worms.


My bad, I've probably been playing too much _quantum tic-tac-toe_ (yes, that exists) 

Fonz


----------

