We're gonna also question when is 128 bits of encryption 128 bits of encryption?

What does that mean?

Is that good?

Right?

You know, will a quantum pew to affect this?

There's only a few years ago used to say military grade.

I mean, we all were using military grade encryption very much so.

If you're using turning 56.

But yes, it's slightly more military, even 128.

But if you're using 100 don't feel bad.

You're still doing absolutely fine on a very, very simple level for a symmetric cipher.

That is a cipher where we use the same key for both encryption and decryption.

So we're not talking about public key right there.

What we usually mean when we say 128 bit is the length of the key.

We don't tend to talk about block size, particularly so 128 bit A s is a s with 128 key.

You also have 192 and 256 bit variance of a Yes, they have the same block size, but the key gets longer have a number of rounds changes.

The reason we talk about the key length, particularly, is because if the cipher is good, the key is a bit you don't know.

The key is a bit.

You're gonna have to guess.

So For 128 bit block cipher, you might have to brute force through two to the power of 128 different keys.

That's a lot of keys.

You might get lucky.

You might get it halfway through, in which case it's 2 to 127.

But I have a way.

It's not a picnic like that is years and years and years of work, much too much work, even for the world's fastest supercomputer.

Because 228 is a lot bigger than you think.

This'll only gets harder if we make these keys bigger.

So 2 to 192 operations or two to the 256 which is the number so unimaginably large.

Lester's not even worry about it.

If your encryption is using a key, that's 2 to 256 long, and there isn't another issue with your cipher so that the security base is based entirely on the key, then that is not brute, forcible in any sense, within the next 10 years.

Within the next 30 years, it is good for us.

If that's the case.

So which of you should be used?

Well, I mean intuitively, 256 bit.

But actually 100 28 bit is currently out of reach of any attacks, but it's always a slightly more complicated in this.

What we also talk about, maybe the security of an hour within itself.

Maybe there's something in the album but isn't quite a secure is the key itself.

So maybe it wouldn't take 2 228 operations to solve it.

Let's say I've written a cipher that's got 128 bit key.

It may not have 128 bits of security, which is to say, it would take this many operations to solve on that.

Why?

Because my sight is not very good.

Maybe it doesn't mix up things enough or it doesn't commute enough.

I don't know.

I designed it.

It's not going to Vegas, so you might find a new attack or break on something like a s what it's doing is not telling me how to solve that problem.

It's just reducing this number.

So maybe there's an attack on A S, but brings it from 2 to 128 down to 2 to 125 or something like that.

Now that is many times faster than that, but still totally out of reach.

So that is what I would call an academic break.

Which is to say, we've technically found a weakness in the underlying our with our with him.

But it's not a weakness.

It affects me in their everyday life, which arguably is what I care about most.

So we want to distinguish between the bit length of the key.

So when we say we got 128 but yes, we were phoning to the key, but actually the level of security could be slightly lower, depending on the hour womb.

I mean, to use a really obvious example.

Let's imagine I have an algorithm, but just depends.

The key to the message doesn't do any encryption.

It all right that has a security off zero bits because encrypt anything.

But it does have a nice 128 Bit key.

For what it's worth, I Not a very good example.

You get the idea.

If you've got some fundamental weaknesses near cipher, it's not gonna take a full brute force to do it.

Brute force is the absolute worst case for an attacker.

Now, this is slightly more confusing for public key cryptography.

So things like R s a and defeat helmet because they tend to have much, much bigger keys.

So a typical Diffie Hellman or it's a key is gonna be somewhere between 20483072 or 496 bits easier commerce sizes now to factor and soul V.

R s a problem for a free 1000 Big key.

It's roughly the same as brute, forcing 128 bits.

Good symmetric cipher like So those numbers, obviously not even close to the same.

So the security margin in some sense of these is lower forgiven Keeling.

One of the reasons that lipped occurs is so popular is very get us a little bit closer from here to here.

So an elliptic curve off 256 bits is going to be roughly equivalent to security of 128 a s or free 1000 center.

To be our say now, that's gonna be quite a lot faster to compute.

So it's no longer about the length of the key in terms of bits.

It's about how many bits of security but we're going to get.

And that means essentially to to the how many operations we're gonna have to brute force through to guess or work out what's going on.

So how good is 128 bit or 192 or 256 bit?

And their equivalents?

Well, 2 to 128 bits is beyond any computer on Earth exists.

But what you know, it's It's the obvious question, all the kind of coming coming about the new advent of quantum computer quantum computing.

Right?

So one thing that's meant to make really clear about corner computers is they are not simply a very fast regular computer.

You don't just run a s on 1/4 computer much farther than you would do on a normal computer and make your life easier.

You have specific algorithms that too specific jobs on the algorithm that makes breaking a s easier.

It's called Grover's Out with.

It takes this hypothetically from 2 to 128 22 to 64.

Now 2 to 64 is within reach.

So if a quantum computer exists that can break A s using Grovers are with him.

You're gonna go from 128 bit security to 64 with security.

That is a problem.

If you go from 256 bit security to 2 to 128 that's less of a problem.

Because I would.

You said that was beyond reach of any computer, Right?

So symmetric is very resistant to quantum computers because all it does is hard.

The key space and we could just double the key space.

Does this quantum computer exist?

No will exist soon.

Not for at least 2025 years is what Robert told me when we asked.

I mean, I have no idea.

I don't develop these computers, but certainly no any time soon.

So public key cryptography like this 3000 bit rs a key, for example, that is much more affected by quantum computers shores are with him, will basically make this as trivial on a quantum computer as just encrypting using Arcee would be on a regular computer.

That's not what you want.

So if a giant computer appears that could harm this problem, that same Quanta computer could theoretically completely destroy Arcee encryption.

And then we're falling back on powerful based keyed ovation functions on dhe symmetric encryption might that would be the first thing.

But there are cryptographers and mathematicians looking to create quantum resistant versions of public albums, of which some have been developed.

So the chances are by the time such a machine exists, we won't be using these because of the fact that they have this inherent weakness.

But I mean, to be clear, the they have not factored anywhere close to a 3000 bit number with quarter computer, yet right based questions about whether that's possible because it just the scale of the thing.

But even if it is, it's not gonna happen tomorrow, right?

I mean, it would be quite amusing if it did on my video.

Is pandas being hold the outdated day after release?

But this isn't gonna happen any time soon, But the good news from our point of view, is we're still going to get to 228 bits off security from A s 256 Which is why that's what's recommended for sort of long term security for sort of 30 plus years.

Let's say I'm in quitting my credit card details and send him off to an online shop.

That credit card will have expired in two years, So it is a honestly zero interest to me if you break my credit card details after that car has been expired.

You're welcome.

Go, go.

If your government or the N S A or G h Q.

Or someone who has top secret documents that need to last for over 30 years, then you should be worrying about whether you use to 220 or 222 256 you'll find.

Actually, if you go online based on Mike, quit looking around most websites 128 s banks and stuff for using 256.

I still, I mean arguably, but isn't necessary right now.

There's no real reason for them not to.

It's not that much, Flo.

Yes, but these Cubans can interact.

This guy can interact with this guy.

This guy can interact with this guy and these can interact with one another.

And every time we add a cubit.

If we were to add a circle here, let's say ended this forthe Cuban right here, we noticed that every single one of them can now interact with it.

We have to draw lots of these lines.