Which encryption key to choose, 128- or 256-bit?

When you encrypt a disk with USBCrypt, you have the option of choosing the length of the encryption key: 128 or 256 bits. Which length should you choose?

The naïve answer seems to be “the longer the better”: the 256-bit encryption’s got to be much better than 128-bit one, why not use it? The reality, however, is that the 128-bit encryption is just as strong as the 256-bit, while it requires less computational resources and is performed a bit faster.

How can it be, you might be wondering? Let me try an example. Consider two stars: Alpha Centauri and Sirius. It takes light 4.4 years to travel from Sun to the former star and 8.6 year to reach the latter. Which one is easier for us to get to?  The correct answer is: they are both unreachable. There is no technology available to the humankind now and for the foreseeable future to reach either of them. The same is true about the encryption: no technology exists now that would break either 128-bit or 256-bit encryption. It would take the power of 15 Hoover dams for one year to just flip all of the 128 bits, not including the actual verification of each such key. It would take longer than the age of the Universe to try all possible 128-bit keys for the fastest of the existing computers. In other words, if someone wants to get to your encrypted files, they are not going to try to discover the key by applying each possible combination of the bits until they come across the actual key. For such a method both 128-bit and 256-bit key are equally strong.

Instead of the brute-force, the adversaries have many much more effective methods at their disposal: they could install a keylogger on your computer that would intercept the keys when you are entering your encryption  password. They could install a hidden video device and record your keyboard as you are entering your password. They could monitor the electromagnetic signals your keyboard emits and discover your password that way from the distance. Or, they could kidnap and torture you until you tell them the password. All such methods are much easier and cheaper for the adversaries to use than the brute-force attack.

We hope this answers the question of this post, as well as other related questions you might have, such as “Why don’t you offer 2048-bit encryption like some of your competitors do?” 🙂

The USBCrypt team.

Tags: , , , , ,

Comments are closed.