Page 427 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

publicized. Like RSA, it’s based on the difficulty of performing factoring operations, but it relies on a component of set theory known as super-increasing sets rather than on large prime numbers. Merkle-Hellman was proven ineffective when it was broken in 1984.

Importance of Key Length

The length of the cryptographic key is perhaps the most important security parameter that can be set at the discretion of the security administrator. It’s important to understand the capabilities of your encryption algorithm and choose a key length that provides an appropriate level of protection. This judgment can be made by weighing the difficulty of defeating a given key length (measured in the amount of processing time required to defeat the cryptosystem) against the importance of the data.

Generally speaking, the more critical your data, the stronger the key you use to protect it should be. Timeliness of the data is also an important consideration. You must take into account the rapid growth of computing power—Moore’s law suggests that computing power doubles approximately every two years. If it takes current computers one year of processing time to break your code, it will take only three months if the attempt is made with contemporary technology about four years down the road. If you expect that your data will still be sensitive at that time, you should choose a much longer cryptographic key that will remain secure well into the future.


Also, because attackers can now leverage cloud computing resources, they can attack encrypted data more efficiently. The cloud allows attackers to rent scalable computing power, including powerful graphics processing units (GPUs), on a per-hour basis, and offers significant discounts when using excess capacity during nonpeak hours. This brings powerful computing well within the reach of many attackers.
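
The Moore's law reasoning above, modelled for exhaustive (brute-force) key search as an added example that is not part of the study guide. The two-year doubling period comes from the text; the attacker rate of 10^12 keys per second and the assumption that the attacker upgrades hardware continuously are constructed for illustration.

```python
import math

DOUBLING_YEARS = 2.0            # Moore's law figure quoted in the text
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def break_time_years(time_now_years, years_ahead, doubling=DOUBLING_YEARS):
    """Break time on hardware available `years_ahead` years from now."""
    return time_now_years / 2 ** (years_ahead / doubling)

def extra_bits_needed(years_ahead, doubling=DOUBLING_YEARS):
    """Key bits to add so a brute-force search started `years_ahead` years
    from now takes as long as it does today (one bit doubles the search)."""
    return math.ceil(years_ahead / doubling)

def keys_tested(rate_now_per_year, years, doubling=DOUBLING_YEARS):
    """Keys tried by an attacker who starts now and upgrades continuously:
    integral of rate_now * 2**(t / doubling) for t in [0, years]."""
    k = math.log(2) / doubling
    return rate_now_per_year * (math.exp(k * years) - 1) / k

def min_key_bits(rate_now_per_year, protect_years, doubling=DOUBLING_YEARS):
    """Smallest key length whose expected brute-force search (half the
    keyspace, 2**(n-1) keys) is not finished within `protect_years`."""
    work = keys_tested(rate_now_per_year, protect_years, doubling)
    return math.floor(math.log2(work)) + 2

if __name__ == "__main__":
    # The text's example: one year today, attempted four years later.
    print(break_time_years(1.0, 4))      # 0.25 years, i.e. three months
    print(extra_bits_needed(4))          # 2 bits restore the one-year margin
    # Constructed attacker: 10**12 keys per second today (assumption).
    rate = 1e12 * SECONDS_PER_YEAR
    for years in (5, 15, 30):
        print(years, "years of secrecy ->", min_key_bits(rate, years), "bits")
```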