 So this topic, we're going to get to very, cover very briefly stream ciphers and related to that. And a very important part of many security algorithms is random numbers. Okay, so we'll talk first about random numbers and then some quick examples of stream ciphers and then return and look at brute force and other attacks on ciphers in general. With our block cipher, with AES for example, it operates on a block of 128 bits at a time and one mode of AES I use a 128 bit key. And to use a block cipher, a symmetric cipher, the encryptor and decryptor must know the same key. Okay, so we encrypt with one key, we decrypt with the same key. That's the idea of a symmetric cipher. How do we choose a key? Choose a 128 bit value, 128 bit key. Anyone? How are you going to choose one? What about, and I will not write all 128 bits, but what about this as a key? If I choose a key, I want it to be secret, but I'll tell you. Okay, all zeros, 128 bits and maybe a one at the end, decimal one. I chose that as my key and I tell you the person I want to send a message to and what I do is I take my data, my file, I encrypt using AES using this 128 bit key. You know the key so you can decrypt. Is that okay? Secure? Why? Why is it? What's wrong? Alright, everyone knows, but let's say I trust you and we don't want someone from IT section to know. So what can an attacker do to try and decrypt the ciphertext that we get? So I take some plaintext, encrypt using this key and I get some ciphertext. The attacker has the ciphertext. Assuming we have a strong cipher, there are no known attacks against the cipher, what can the attacker do to try and break the ciphertext to get the plaintext? What can they do? They don't know the key. What can the attacker do? Come on, you need to be think like a malicious person. I know. Brute force, generally brute force or try and guess keys. Brute force means guess a key, that is take the ciphertext, let's as an attacker guess, choose some random key, decrypt, and see if the plaintext we get from decryption makes sense. If it does, we've found the key. If it doesn't, we try a different key. We guess a different key and we keep guessing keys until we get one that decrypts successfully. Now, maybe as an attacker instead of guessing random keys, maybe you would start with some structured keys. Maybe I'll try all zeros as a key, as the attacker. Guess that one first and maybe try this key second. Yes, it can be a random value but the attacker, if they have some knowledge about how you may choose the keys, they can use that to try and try those keys first, which gives them much more chance of finding the plaintext. Brute force is going to take too long but if they can try the keys all zeros, all ones, 127 zeros and one one, then immediately they've found the plaintext. The point is, if you want to prevent a brute force attack, when you choose a key, you should choose random keys. If you choose a key, let's just use all ones because it's easy to write down, then it's not random and the attacker can take that knowledge. Steve's lazy, he just chooses keys which are easy to write down and try them first and find the plaintext. So when you choose a key, it should be a random value. Similar, when you choose a password for your login for Moodle, it should be a random password, a random set of characters. Everyone chooses random passwords for your bank account, your hotmail, no one chooses random passwords. We'll come to that in another topic because random passwords for humans are hard to remember but for computers, because usually the user doesn't have to remember the key, we'll see that it's usually software choosing the key. So they can choose a random value and store it in memory or on disk and encrypt using the random key. So we need to use random numbers to generate keys for encryption. Many other aspects of security, network and security protocols make use of random numbers and that's why we're talking about random numbers now because they are in fact used in many parts of security. One of them is choosing keys but there are other parts where we use random numbers. How do you choose a random number? Come on, you've all had almost two weeks holiday or maybe holiday. So your brains are refreshed. Use the current time. Choose a random number. Use the current time. Okay, is the time random? Sorry, use the time to generate a fake random number. The time is predictable, it's not random. The time now and the time in one second time, I can predict what that is. The time is not random. What can we do with it? Throw a dice. Okay. So every time I want to choose a 128 bit key. So what do I do? Get a die? 128 side die and roll it. Or two side and roll it 128 times. Flip the coin. Okay, not very convenient. How do you get a computer to generate random numbers? Use a function. What function? When you're a computer scientist, give me an example. RAND, use the RAND function. Okay, great. Now, your task is to implement a new RAND function. How are you going to implement it? What does a RAND function do? It's not magic. It follows some steps. You can't just rely on that all the time. How would the RAND function in your programming language be implemented? How do you think a computer can generate random numbers? Anyone? Use the ID of the CPU of the software process. Usually not random. Usually limited between 0 and 65,000 or so. There's not many values to choose from. I suspect it's not very random. I want to choose a value of 128 bits length. I think there will be some structure in the processes. The first process will always be process ID 1, say on a unique system. How do you generate random numbers? Okay, let's try easily. How do you generate random numbers? I ask you, choose a random number between 1 and 1 million. Too slow for my software. Anyone else? How do you generate random numbers? It's hard to describe, isn't it? Remember, a computer just does what we program it to do. We program a computer from the very basics. The assembly language to program the operations. To implement that RAND function in C or in whatever language you use, we must program some function. In most cases, we actually don't create real random numbers or true random numbers. We use some function that approximates random numbers. And we'll go through some functions. Some are very simple. Some are more complex. But it's really just a function that takes some input and produces, hopefully, some numbers which look random. So it's not easy to create random numbers. In many cases with our computers, we generate what we'll call pseudo-random numbers. Pseudo means not quite. Not really random, but approximately. So we often call them pseudo-random numbers, not true random numbers. So let's explore that a bit further and see how computers may generate random numbers. Why do we need random numbers in security? Select keys. We need a random number. And we need to do it fast. And so we can't just roll a dice manually. We need software to implement to choose a random number and be able to do it quite quickly and repeatedly. And there is a number other places. So generating keys. We'll use them in stream ciphers. Authentication. We'll see these concepts or technologies later. They all make use of random numbers. So we need random numbers. What do we mean by randomness? A uniform distribution is one measure. There are others. It's not the only one. But think of a sequence of numbers. Then we'd expect if it's a binary value, we'd expect on average for a long sequence we'd have the same number of zeros and ones. So a long sequence, say if we consider many, many random numbers, binary, say, millions of bits, we'd expect not all of those bits to be zero. If all of those one million bits were zero, I would guess that that's not a random number. So we'll have to expect the same frequency of ones as zeros if we consider a binary value. But not necessarily 500,000 ones, followed by 500,000 zeros. Same number of ones and zeros. But we'd look at sub-sequences. Instead of looking at all one million, look at 500,000, we'd expect approximately half of them to be zeros and ones as well. So of different sub-sequences, we'd expect a uniform distribution of our zeros and ones. That's one measure or one way that we try and interpret randomness. Another one is independence. Take a sequence of numbers. The next number in the sequence should not depend upon the previous numbers. Or at least it should be very hard to see the relationship. We'll see with pseudo-random numbers. Let me generate a random sequence of numbers. I'm going to write some numbers. Let's say I have a random number generator. And I call it many times. My code calls the RAND function many times, and it returns these values. The first value it returns is 10. That's working decimal. The second value it returns is 20. The third value is 30. And then 40. What do you think this value is going to be? We'd say that this value is not independent of the previous values. It's actually dependent on the previous value. We see there's a pattern here. Is this a random sequence? No. There's some structuring. The next value in our sequence was dependent on the previous values. Here it's quite obvious it was dependent. What about this? What's the next value? Again, a sequence of numbers generated by the RAND function. The first time I call it 17, then 26, then 93, 1, 52. What's the next value? What's the next value? What do you think? And I'll give you a hint. It's between 0 and 100. I don't know. That is, there's no pattern in this case. I tried to choose them randomly in my head in this case. So we'd say that we have a sequence, and we cannot see any dependence between the numbers. Whereas in the first sequence, we could see the dependence that they're increasing by 10. In this case, we cannot see the dependence between the numbers. Hopefully, this next one is independent of the previous ones. It doesn't depend upon the previous values. If so, then we'd generate a random sequence of numbers. So we'd like independence of our numbers. So that given one value, we cannot infer what the next value would be. So you couldn't guess what this would be. Well, you couldn't correctly guess because there's no dependence between those numbers. So that's what we'd like in a random number generator. And another way to interpret that is it's hard to predict the next value. And that's an important property for security. We'll see why soon. So we distinguish between true random number generators and pseudo random number generators. Sometimes shortened as PRNG. Pseudo random functions, let's ignore that. We'll not talk about that. Keep it simple. A true random number generator uses some physical source, some non-deterministic source to generate random numbers. Non-deterministic means it's not predetermined. We do not have some algorithm for generating them. Some examples of such sources, something that measures radiation events. In the physical environment, measurements of radiation from some source is considered to be random, or as close as random as we know in physics. Similarly, if we have capacitors on some electronic set of... on a motherboard, for example, or on a circuit board, the measurements from those capacitors usually exhibits randomness. Some noise from different electronic components is considered that the noise is not predictable. It's random. Or some noise from some audio system. The noise that comes out of the speakers through the audio system is often considered random, truly random. So yes, we can use in computers some of these sources. We'll talk about that. Okay. And then, maybe a little bit less so, but still often considered true random is different physical activities if we think about a computer. Measuring the difference between the times of I.O., input-output operations on a hard disk, the writes and the reads on the hard disk, over different periods of time, in some cases exhibits true randomness. Or interrupts. In fact, usually combining these together, not just one, but looking at the time in which software or interrupts occur from a piece of hardware, disk read-write operations, activity on a keyboard, even on a mouse, can start to exhibit true randomness. All of these true random number generators usually require some physical device to measure them. How do I get random numbers out of some radiation or leaky capacitors? I need some special device to measure the input and then convert it into binary for our random numbers. And usually they generate just a small number of values over a period of time. So because they need physical devices, to implement random number generators using true sources on computers is usually costly or inconvenient. So it's not so common. Who has a radiation measuring device on their laptop? No one, okay? So how do you get random numbers on your laptop? How does the RAND function work? Well, we use what's called pseudo-random number generators. We use some algorithm or function to calculate numbers and output a sequence of numbers such that hopefully, if it's a good algorithm, that sequence of numbers appears to be random. It's not truly random, but for most practical purposes it's random enough. A relatively random sequence. But note it's a deterministic algorithm. The algorithm is implemented follows some steps. So in theory you can determine the next value. You can determine what the values are going to be in the sequence. In practice it just needs to be hard to predict the next value. So in practice most computers use pseudo-random number generators. Some special cases may use true random number generators. For example, you buy CPUs now, like an Intel or an AMD CPU, and they have inbuilt their own operations to generate random numbers. And it's thought that they take some measurements of what the CPU is doing to get some input of randomness. And that can be used as a true random number generator. So to use in a computer system where we need a generator random number or a sequence of bits, if we have a source of true randomness, we can measure that and then convert it into binary and we get our random stream of bits. But that requires some physical measurements usually. It is inconvenient. So in a pseudo-random number generator what we do is we just have some algorithm that takes some initial input, some initial value. And with random numbers it's called the seed value. And that algorithm takes that seed, produces an output and usually has some feedback. The next value is fed back and produces the next value. So we generate a stream of bits if we look in binary. And that's a pseudo-random number generator. Let's go straight to an example. We'll come back to some of the things we skipped. The linear congruential generator, LCG. An example of a simple pseudo-random number generator. Simple to explain and go through a few examples. Here it is. The idea of random number generators is they generate a sequence of numbers where that sequence should appear random. So this function or algorithm is defined here where it takes several parameters. The idea is that we have three constants. A, C and M. A is a multiplier. C is just some value that we add. And we take the current value of our random... our current random value and multiply by A, add C and mod by M, the modulus. And that produces our next random value in the sequence. And to generate the next value then we use the previous one again and use the same function and generate hopefully a random sequence. So just let's see how that works in practice. And then we'll come and discuss some of the design issues. So what we need to do is choose values of these constants A, C and M. So the constants for this algorithm. And we have an initial value, X, 0. We need to start with some value. That's called our seed value. So we choose a seed value. So I'll give you some parameters and you'll calculate some of the values in the sequence. Let's say to get started we choose... we're using LCG. And the parameters you can try. Let's keep it simple. A is 1, C is 1, M is 100. And we start with an initial value, a seed value, X, 0 of let's say 23. No significance of the seed. Generate the next few numbers in the sequence using the LCG function. See what happens. So use those three constants in that algorithm and that equation and the initial value X, 0 and see what X1 is and X2. And that will be our sequence generated by this pseudo random number generator. So find X1. When you have X1 you can find X2 and X3. Anyone have the values of the first 10? X1 through to X10? So simply look at that equation. Xn plus 1 equals AXn plus C mod M. You have the constants AC and M. You have X0. So from that you can calculate X1. N equals 0. So you'll get X1 as the output. Then do it for the first few values. What do you get? Keep going. Values? Come on, come on. Give me some random numbers. No need to use your computer to calculate. I think you can calculate addition and multiplication by yourself. But fine, use your computer. Let's see if this random number generator is as good as the one that the Mac OS uses. X1, 24. Keep going. X2, X3, X4. Let's see. So simply A times Xn, the current value, plus C mod M. M is 100. C is 1. A is 1. So in fact we forget about A because it's multiplied by 1. So it's the current value plus 1, mod 100. So the current value plus 1, mod 100, 24. X2, 24 plus 1, mod 100. So we say X, our sequence. We're starting with X0. Our C was 23. And if we write the sequence of numbers, I think you'll see 24, 25. We just add 1 all the time. Up to where? 99. What's after 99? 0. Mod 100. And eventually we'll get back to 23. That's a comma. Alright. Not a very good random sequence. So this is our random number generator, but with a set of parameters we've used, it's not very good. So we'll change the parameters in the moment. So we just increment by 1. So not a good random sequence. But the aim is to generate a sequence of numbers which appears random. This one doesn't appear random. It's obvious in this case. But some characteristics. Note that when we get back to 23, if we kept going we'd be back to 24, 25, and we just repeat all the time. We'd get back to 23 and repeat. We repeat. So the set of unique values is called the period. Or the length of those unique values is the period of this sequence. What's the period of this sequence? Or how many values? So the period in this case goes from here up to 22, in fact. So 23 all the way through to 22. And how many values there? 100. The period of this sequence, we have 100 different values generated here. We'll return to why that's significant after we see a few other sequences. Let's try again, but with some different parameters, and see if we can get a better random sequence. One that looks more random. Let's try our LCG same algorithm, but let's try A is 7, C is 0, and M is 32, and a seed of 1. Generate the set of sequence numbers with this configuration of the LCG. Easy task. Same algorithm, different parameters. A is 7, C is 0, M is 32, X1, what value do you get? Remember we have A times X0, 7 times 1 plus C, all mod M, 7. And X2, keep going. Just to keep your brains working. Some simple mathematics. X2, 17, someone's got 17, that sounds familiar. X2, 17, again. 7, A times our previous value, A times our previous value, which was 7 plus 0 mod 32. 49 mod 32, 17. X3, and you'll do the same. 7 times 17, which is 119 mod 32, 23, good. You can check. X4, 7 times 23, which is 161 mod 32, is 1. X5, it's 7 again. We're back, we're repeating again. Because if we have 1, we've already got to 1, so from 1 the input will be 7 again, we repeat. So we can say this sequence, in this case, X, we start at 1, 7, 17, 23. A period of 4. There are just 4 values generated with this sequence, and then we repeat. In the previous sequence, we had a period of 100. We'll see that longer the period, the better. But not necessarily the better random sequence. We have 23, 24, 25. Definitely not random. Looks a little bit more random. It's not 1, 2, 3, 4, 5, but can we do better? Well, if you change the parameters around, you can start to get more random looking sequences. So it's all about with this algorithm choosing the correct parameter values. We'll not go through it. I'll give you a one that you can check later. Another configuration, A is 5, C is 0 again, M is still 32. With the same seed of 1, we get, and I've calculated it before, 1, 5, 25, 29, 17, 21, 9, 13, and then we go back to 1. A period of... We have a very simple algorithm with several parameters, and it turns out with this algorithm, if we choose the parameters well, so some parameters are not good. The first set were terrible because we just got incrementing numbers. If we choose them well though, we can generate quite good random sequences. This sequence, 1, 5, 25, 29, 17, 21, 9, 13. Can you see any structure there? Nothing obvious. There is structure because it comes from an equation. But the sequence, this very simple example, it looks to have some randomness, especially compared to the first sequence, which was just incrementing numbers. The third one compared to the previous one, there's only four numbers there, in general, the longer the period, the better. We desire a long period. That is a large number of numbers before we repeat. With LCG, how do we make the period longer? In theory, what's the maximum period? It's m. This equation takes some value, mod m. The answers are always going to be between 0 and m-1. We can never have an answer which is larger or m or larger because we mod by m. The period is limited by m in this case. If you want a large period, make m large. Some recommended values for using LCG in practice is to make m as large as possible. It turns out it's good if it's a prime number. Modding by a prime number will give us more distinct values in the result. Choose a prime number as large as possible. That depends upon your computer. If you've got 32-bit numbers, a large prime number is 2 to the power of 31-1. People have found that before. Which means the maximum possible period if you use this value of m is about 2 to the power of 31. About 2 billion. You can have up to about 2 billion different values in your random sequence. Guaranteed you'll have to repeat. You need to choose values of a and c which are good. The first values we chose were not good. Some people have done analysis and found out if c is 0, there are several good values of a. 1 turns out 16,807. Try it. Set c to 0, a to 16,807, m to 2 to the power of 31-1. Choose a seed, choose x0 and start calculating the sequence of values and you'll see you'll get a very long sequence of different values before they repeat and they will look random. So there's the first example of a very simple algorithm to generate random numbers. So your random function in your programming language will use a pseudo-random number generator. Not necessarily this one, maybe a different one. You use a pseudo-random number generator to generate a sequence of numbers and they will always have a period, a finite period which means if you keep calling that random number generator eventually you'll get back to the first value and repeat the sequence unless you change the parameters and that's where the seed is important. By changing the seed you'll get a different sequence to start with. So if you're using the random function in your programming language then often there's a way to change the seed for that random number generator and that will produce a different sequence of random numbers. Let's go back and see some of the general concept we've missed. So what would we like with a pseudo-random number generator? We want to be able to generate a stream of numbers, a sequence of numbers. Usually we think about binary. Our examples we use decimal but usually we want binary values for security or for security applications. We generally like such that we can generate some stream of random numbers but if you don't know the seed at initial value it should be hard to determine the sequence. So if you don't know what the seed is an attacker even if they know that algorithm shouldn't be able to determine what the sequence is. It should be unpredictable. Forward and backward unpredictability means that given some value you cannot predict the next value. You cannot predict forward or given some values you cannot predict previous values. So given subsequent values you cannot predict what happened in the past. There are different tests. So we've just said this sequence looks random. There is a mathematical test to start to consider a sequence and give some measurements of how random it is. So there are different tests to be more scientific than just saying it looks random. Like looking at the frequency of numbers bits that occur in there and they occur the sub-sequences things like compressing if it compresses well it's not random if it doesn't compress well but it generally exhibits randomness. So what we would like is when we use random numbers for security purposes is a generator such that if the attacker doesn't know the seed they cannot predict other values in the sequence. And for that to work we normally need to keep the seed secret and often to choose a seed we don't just choose x0 equals 1 we choose a seed which is random. And a common way is then to use a true random number generator. Use a true random number generator to generate a seed and then use that seed in a pseudo random number generator to generate a larger sequence. It's more convenient because true random number generators generally just work or only produce a small sequence of values in a fixed period of time. So a common use of random numbers for security purposes you have an entropy source but think of some physical source some measurement of the CPU operations the disk operations the noise from circuits you have different sources you have some device that can measure those sources and generates some random number. We'll use that as a seed into our pseudo random number generator which generates a large sequence of random numbers. True random numbers are typically generated only a small sequence of values in some period of time pseudo random number generators can generate many random numbers so this is a common way to to use it. Often your operating system may try and implement this in that your operating system provides a facility for generating random numbers in that your computer measures different characteristics and you can use a combination of physical sources CPU operations hard disk operations keyboard input, mouse improvements different physical operations on your computer are measured and used to generate a true random number generator which is then used as a seed in a some function, our pseudo random number generator which is then made available to applications by your operating system. What's another random number generator? There are many others we've just gone through a simple one that we can demonstrate LCG so it's not commonly recommended for when you want strong security there are other algorithms which are better Blum Blum Shub developed by three people a different algorithm it's considered secure when we use it for cryptographic or security applications you can see the example on the next slide but we take some large prime numbers and this may not make sense to you yet but we'll in the next few topics such that those large numbers when we mod by 4 give 3 calculate some large n by multiplying those prime numbers and we take our initial value as some random s squared mod n and then go through a loop and generate xi based upon the previous value mod n and extract the last bit in that number to get the sequence of random numbers but not so important to go through that have a look if you want so an example of some initial parameters we go through and generate these values using the equation and we take the last bit from that and our random bit stream is 1 1 0 0 1 1 1 0 0 0 0 1 and keep going so that's the output in this case not these numbers but those bits of the output and we just keep running that loop it's a for loop it can run forever just keep running that and it keeps generating a stream of bits this is our random bit stream if we want to generate our 128 bit we run it 128 times iterations somewhere else but there are many other algorithms I think that will stop for us on random numbers there are different algorithms we can all use block ciphers like DES and AES to generate random numbers because encryption the idea of encryption takes some structured plain text produce some random looking cipher text so encrypting something is a random number so we can use encryption to generate random numbers so it works quite well the problem is often it's quite slow to encrypt something compared to using the algorithms we've seen so we can use encryption if needed let's have a look at an example or several examples let me just check say on a Unix operating system the operating system has its own generator so it measures and there are different implementations but it commonly measures different inputs from the hardware and think of that as the true random number generator and generates a sequence using some pseudo random number generator in Unix or Linux operating systems it's called a special device called random or u-random and it just keeps generating random numbers so if I look at the contents of u-random which is generated by my operating system I will see random bits but if I display it on the screen it will come out as garbage so I will just display a selection of it using this program XXD XXD takes the binary value and converts to hexadecimal so this displays the output of the operating system random number generator a sequence of bits head-1 just takes the first line of output because it keeps going and XXD takes that first line of output which is a sequence of bits and converts it to hexadecimal so I can show it on the screen 758B this is the random hexadecimal digits so this is used from the operating system just an example and other operating systems would have their own implementations of random number generators some are more secure than others in terms of the ability to predict the next value in the sequence if I want in binary it doesn't show you as well but we can convert instead of hexadecimal into binary and we get our binary sequence let's do it again let's zoom out a bit if I keep doing it you should see it's not easy to see but if you compare all those values you'll see that different there's no structure in there if you do tests on the randomness on those sequences of zeros and ones you should see that they exhibit those characteristics of unpredictability and distribution of zeros and ones the next part but let's let's finish with something else let's not cover stream ciphers today and go back and look at in the last 10 minutes something that we skipped is attacks on block ciphers the last slide one of the last slides returning the block ciphers des as, triple des how secure are they? well, there are two types of attacks brute force and crypt analysis brute force, trial keys so the security depends upon the length of the key so with des the keys space with the 56 bit keys, 2 to the power of 56 so an attack on des the time it takes if we measure in number of operations we need 2 to the power of 56 operations to find the key brute force, trial keys in the worst case so we talk about the time for a des attack the best known method is in fact brute force takes 2 to the power of 56 operations which is feasible today with the right hardware that's possible triple des if you use 3 different keys 3 different des keys of 56 bits gives us a key length of 168 bits so the key space is 2 to the power of 168 a brute force attack on triple des would require 2 to the power of 168 operations so if you do the calculations that's going to take forever but we can still use the man in the middle attack on triple des but we need to do it two times because we have two values in the middle, triple des had encrypt you get an x value encrypt again with triple des encrypt we get x1 encrypt get x2 and get our cipher text after the third encryption we can do a man in the middle but it takes much more effort because we need to do it two times effectively turns out the amount of effort required using a man in the middle attack on triple des requires 2 to the power of 111 operations brute force 2 to the power of 168 but with a man in the middle we cut it down to just 2 to the power of 111 there are other known attacks one of them by Lux who wrote a paper about it takes a little bit longer 2 to the power of 113 so we measure attacks based upon how many operations they would take we compare them to brute force if it's slower than brute force then it's not a good attack if it's faster than brute force then that's better how much faster we care about so brute force on triple des 2 to the power of 168 but there are better known attacks which bring it down to much less but still 2 to the power of 111 still would take a long time and we've got some slides earlier I think we've seen how long that would take but with these attacks the other thing to measure how good they are remember with double des we assume the attacker knew some plain text ciphertext pairs in advance to perform the attack the attacker needed to know something in the advance so we often measure how much data is known in advance the more you need to know the harder it is for the attacker so with a man in the middle attack you only need to know 4 different values that's nothing, that's easy but with this other attack you need to know about 4 billion different values which is much harder in practice to know those values so we can compare them based upon how much data they need to know and in memory they consume when we do the attack how much data we need to store so with a man in the middle attack we require to use memory of up to 2 to the 56 which is a lot of memory so if you do the calculation in bits or bytes or whatever it doesn't matter so in theory we can do these attacks but in practice well we can't because of the time but if we could because of time in practice the memory becomes a limitation we don't have enough memory to perform these attacks AES is recommended today and there are 3 modes with AES they have different key lengths 2 are listed here 128 bit key key space 2 to the 128 the best known attack at least in the last few years with this one called by clique attack and the amount of time it takes is 2 to the 126.1 so brute force 2 to the power of 128 this crypton analysis this other attack about 2 to the power of 126 about 4 times faster than brute force so not very effective because if brute force took a billion centuries then this attack would just take 250 million centuries still doesn't help us it doesn't require much memory but it requires a lot of known data I can't remember but billions of terabytes okay so again not practical from memory from data perspective or from time with a 256 bit key the same attack brings it from 256 down to 254 so there are different attacks this just lists some of the known attacks on the real ciphers the attacks we measure compared to brute force usually in terms of number of operations amount of memory needed amount of space to store the data and the amount of data you need in advance to perform the attack and they differ in each of those so today AES the advanced encryption standard even with 128 bit keys considered secure there are no known attacks that we are aware of that are practical and even in the future it's still considered secure with 128 bits but if you want to be safe use 192 bit keys or 256 bit keys so maybe in the future someone will come up with better attacks but frankly there will be a significant advance that reduces this to be manageable maybe down to 2 to the power of 100 or 2 to the power of 80 maybe possible in some cases the problem with longer keys is that it's slower to encrypt and we are going to introduce over the next few lectures some software to do the encryption called OpenSSL and I'll just give a quick demo now of the different ciphers and actually I will not do an encryption I'll just show a speed test it gives us how fast my computer is to encrypt using different ciphers if I use AES with a 256 bit key with a different mode of operation it does a speed test of takes many random inputs and encrypts them using AES with a 256 bit key performance benchmarks doesn't take long it tries different input sizes don't worry about all of this this is saying that it takes just focus on this number 60 million bytes per second it can encrypt 60 megabytes per second is the speed so if I have 60 megabytes of data I encrypt with AES in this configuration my computer can encrypt 60 megabytes per second about different computers will be at different speeds and different algorithms different speeds I think we have triple des different name desed3 so you can try different ciphers and see which ones are faster than others I made a mistake in the previous case desed3 really means triple des encrypt, decrypt, encrypt 20 million bytes per second AES was 60 million bytes per second triple des 20 million bytes per second it's triple des is three times slower than AES so there's the advantage of AES it performs much much better one last one by default they use software to encrypt the CPU just normal software I've set an option to tell my tell the program to use my special instructions on the CPU that does AES encryption before AES was 60 million bytes per second by using hardware encryption so the CPU has special operations to encrypt AES it's up to 176 million bytes per second so hardware encryption can be much faster than software based encryption we'll see some more examples of open SSL over the coming lectures let's stop there