Re: Advice on securing a sensitive Access database

**Rick Brandt** · Jun 27 '08, 07:22 PM

Re: Advice on securing a sensitive Access database

Chuck wrote:

On Fri, 11 Apr 2008 05:33:58 -0700 (PDT), The Frog
<Mr.Frog.to.you @googlemail.com wrote:
>

>Hi Les,
>>
>This is a problem that I have solved once before, and I can tell you
>that it is fraught with dangers. I have managed to incorporate AES
>256 bit encryption on the individual tables, complete with a user
>control / access system. I must stress just how much a pain in the
>arse this was / is.
>>

Huge snip
>
Computer power has come a long way since MIT released the original PGP
encryption program. If someone was absolutely determined to decrypt
your program, how long would it take to break a 256 bit encryption
with a brute force attack?
>
Chuck

A few quotes I found...
128-bit encryption is the minimum standard recommended to protect any
financial transaction performed via the internet. According to Yankee Group
estimates that the time it would take to break the encryption by brute force
was:

..25 sextillion years (2005 level technology)

"In most cases, there's a greater probability that the sun will burn out
before all the computers in the world could factor in all of the information
needed to brute force a 256-bit key," said Jon Hansen, vice president of
marketing for AccessData Corp, the Lindon, Utah, company that built the
software that powers DNA.

64 bit encryption happens to be the world record for the biggest RC5 bit key
cracked in 2002 which took nearly 5 years to achieve for a massive
distributed attack.

Now that we know that the distributed attacks will only shave off a few
bits, what about Moore's law which historically meant that computers roughly
doubled in speed every 18 months? That means in 48 years we can shave
another 32 bits off the encryption armor which means 5 trillion future
computers might get lucky in 5 years to find the key for RC5 128-bit
encryption. But with 256-bit AES encryption, that moves the date out
another 192 years before computers are predicted to be fast enough to even
attempt a massively distributed attack. To give you an idea how big 256
bits is, it's roughly equal to the number of atoms in the universe!

**Chuck** · Jun 27 '08, 07:22 PM

Re: Advice on securing a sensitive Access database

On Sat, 12 Apr 2008 13:00:28 GMT, "Rick Brandt" <rickbrandt2@ho tmail.com>
wrote:

>Chuck wrote:

>On Fri, 11 Apr 2008 05:33:58 -0700 (PDT), The Frog
><Mr.Frog.to.yo u@googlemail.co mwrote:
>>

>>Hi Les,
>>>
>>This is a problem that I have solved once before, and I can tell you
>>that it is fraught with dangers. I have managed to incorporate AES
>>256 bit encryption on the individual tables, complete with a user
>>control / access system. I must stress just how much a pain in the
>>arse this was / is.
>>>

>Huge snip
>>
>Computer power has come a long way since MIT released the original PGP
>encryption program. If someone was absolutely determined to decrypt
>your program, how long would it take to break a 256 bit encryption
>with a brute force attack?
>>
>Chuck

>
>
>A few quotes I found...
>128-bit encryption is the minimum standard recommended to protect any
>financial transaction performed via the internet. According to Yankee Group
>estimates that the time it would take to break the encryption by brute force
>was:
>
>.25 sextillion years (2005 level technology)
>
>"In most cases, there's a greater probability that the sun will burn out
>before all the computers in the world could factor in all of the information
>needed to brute force a 256-bit key," said Jon Hansen, vice president of
>marketing for AccessData Corp, the Lindon, Utah, company that built the
>software that powers DNA.
>
>64 bit encryption happens to be the world record for the biggest RC5 bit key
>cracked in 2002 which took nearly 5 years to achieve for a massive
>distributed attack.
>
>Now that we know that the distributed attacks will only shave off a few
>bits, what about Moore's law which historically meant that computers roughly
>doubled in speed every 18 months? That means in 48 years we can shave
>another 32 bits off the encryption armor which means 5 trillion future
>computers might get lucky in 5 years to find the key for RC5 128-bit
>encryption. But with 256-bit AES encryption, that moves the date out
>another 192 years before computers are predicted to be fast enough to even
>attempt a massively distributed attack. To give you an idea how big 256
>bits is, it's roughly equal to the number of atoms in the universe!
>

Thanks for the education.

I knew that a 256 bit key has 8.578....E506 permutations. I just didn't know
how long it would take to get there from here. To be honest with you, I don't
think clearly with values 10E15 anyhow.

Chuck
--

Chuck

**Les Desser** · Jun 27 '08, 07:22 PM

Re: Advice on securing a sensitive Access database

In article <Mn2Mj.353$ix6. 50@newssvr11.ne ws.prodigy.net> , Rick Brandt
<rickbrandt2@ho tmail.comSat, 12 Apr 2008 13:00:28 writes

>"In most cases, there's a greater probability that the sun will burn
>out before all the computers in the world could factor in all of the
>information needed to brute force a 256-bit key,"

Then what is the point of 4K bit keys?
--
Les Desser
(The Reply-to address IS valid)

**Rick Brandt** · Jun 27 '08, 07:22 PM

Re: Advice on securing a sensitive Access database

Les Desser wrote:

In article <Mn2Mj.353$ix6. 50@newssvr11.ne ws.prodigy.net> , Rick Brandt
<rickbrandt2@ho tmail.comSat, 12 Apr 2008 13:00:28 writes
>

>"In most cases, there's a greater probability that the sun will burn
>out before all the computers in the world could factor in all of the
>information needed to brute force a 256-bit key,"

>
Then what is the point of 4K bit keys?

Marketing?

--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com

Re: Advice on securing a sensitive Access database

Re: Advice on securing a sensitive Access database

Comment

Comment

Comment

Comment