2.1 Random Number Generation
Sadly, there is no easy way to hook up our computer to sample earth vibrations or something similar. Research into the generation of random numbers using computers and software continues today. It is easy to find on almost every platform the presence of a cryp-tographically secure pseudo-random number generator, or CSPRNG for short. Kerckhoff s Principled 5] tells us that the secrecy must reside in the secret key, not in the algorithm. In essence, always assume that the cryptanalyst trying to break your ciphertext has obtained the complete details of the employed cipher.
Ciphertext is only as strong as the secret key used to lock the message. The key space relates to the number of possible key combinations that could be used by a given encryption algorithm. For example, a 40-bit key space means that there are 240 possible keys. Similar, a 128-bit key space means that there are 2128 possible key combinations. While the
■ 2.2 The SecureRandom Engine 31
difference may seem minimal on the surface, increases in key space truly carry exponential differences. Modern supercomputers could use a brute force attack (try each key in sequence) to break a 40-bit key in well under a day, however, that same supercomputer could spend years and years attempting a brute force attack on a 128-bit key and not find the solution. By the time the key was found, presumably the value of the information encrypted has become meaningless.
How long is the password that you used to log in to your computer this morning? A case-sensitive alphanumeric key space contains a mere 62 characters ([A...Z], [a...z], [0...9]). As an example, let's say that your password is 6 characters long, like SnOOpy. Without dropping into too much math theory, suffice to say that the total possible alphanumeric combinations are represented by 62*62*62*62*62*62, where each character could be any one of the available 62 characters. That's a mere 56,800,235,584 possible keys. On the surface, it appears to provide a great deal of security56 billion possible keys. We live in a world where a dual-CPU machine running with a clock speed in excess of 3 GHz is readily available. That 6 character password has an effective bit size of 35-bits. Without any empirical data, let's assume that a machine like that just described is running Linux, and it could attempt 500,000 guesses per minute. The entire 6-byte alphanumeric key space could be searched in a brute force decryption attempt in less than 32 hours. Do you still think your 56 billion combinations represent a significant deterrent to someone who really wants to crack your password? I don't.
The fact is that strength of a key is directly proportional to the size of the key and its randomness. Data that are going to be stored for extended periods of time (like data found inside of a database) should use a larger, more random key to help better protect the data from a brute force attack that might occur over a long period of time. So how do we generate such a strong secret key? Well, the JCA includes a SecureRandom engine explicitly for such purposes.