CSE Module 04 - Encryption Hashing - EN PDF
Howest Hogeschool
Kurt Schoenmaekers
Summary
This document provides information about encryption and other topics in computer science. Key elements are explained in an introductory manner and the various methods and standards in cyber-security are presented.
Full Transcript
4 Encryption

Introduction Encryption
Encryption is the process of converting a plaintext message into a secure-coded form of text, called ciphertext.
Decryption: The ciphertext cannot be understood without converting it back to plaintext via decryption, the reverse process of encryption.
The process uses a mathematical function which is controlled by a special password, called a key (or keys).

Introduction Encryption
Encryption is much older than cybersecurity:
600 BC: Spartans use a scytale.
Atbash Cipher (600-500 BC): A simple substitution cipher used by Hebrew scholars. This involves replacing the first letter of the alphabet with the last, the second with the penultimate, etc.
Polybius Square (200 BC): A method developed by the Greek historian Polybius. It uses a 5x5 grid to encode letters into pairs of digits.
Grid columns: 1 2 3 4 5
Row 1: A B C D E
Row 2: F G H I/J K
Row 3: L M N O P
Row 4: Q R S T U
Row 5: V W X Y Z
60 BC: Caesar uses a substitution encryption.
WW I and II: Encryption machines, e.g. the famous Enigma machine.
1979: The Kurt Schoenmaekers encryption

Introduction Encryption
Encryption is heavily regulated in some countries. For instance, you cannot use certain algorithms or key lengths, and it is not always allowed to encrypt (specific) data. (China, Russia, India, Iran, US, UK, Australia, France).
Encryption is part of the science of CRYPTOGRAPHY.
Encryption is used to protect C (confidentiality) and I (integrity), not A (availability):
Protect “data at rest” on computers from unauthorized viewing and manipulation.
Protect “data in transit” over networks from unauthorized interception and manipulation.
Deter and detect accidental or intentional alterations of data.
Verify authenticity of a transaction or document (see later: digital signature).

Difference between Encoding and Encryption
Encoding transforms a message to another form. The algorithm to encode is always well-known, reversible AND THERE IS NO KEY NEEDED.
In contrast, for encryption and decryption, you need a key.
For instance, when you convert a readable text to binary format (1’s and 0’s), it might seem unreadable, but it is not encrypted, just encoded, as everybody can easily convert it back to readable text.
E.g. Howest is encoded to binary as “01001000 01101111 01110111 01100101 01110011 01110100” but can easily be converted back. Online tools are available, for instance here: https://codebeautify.org/string-binary-converter or CyberChef.
Encryption nowadays relies on the secrecy of the key and not on the secrecy of the algorithm. (Caesar’s cipher is strictly speaking “Encoding” instead of “Encryption” as it was an algorithm only, without a key).

Key elements of cryptographic (encryption) systems
Encryption algorithm - Mathematically based function or calculation that encrypts or decrypts data.
Encryption key - Piece of information similar to a password that makes the encryption or decryption process unique. A user needs the correct key to access or decipher a message, as the wrong key converts the message into an unreadable form.
Key length - Predetermined length for the key. The longer the key, the more difficult it is to compromise in a brute force attack (where all possible key combinations are tried). So larger is better, but larger keys use more computation time => slower.
Plaintext - original message
Ciphertext - encrypted message

Factors affecting the strength of a cryptographic system
Algorithm strength. Better public than secret, as it can then be investigated and tested by many researchers.
Secrecy of the key and difficulty of compromising/finding an unknown key.
Nonexistence of back doors by which an encrypted file could be decrypted without knowing the key. Especially government-sponsored algorithms are suspect.
Inability to decrypt parts of a ciphertext message by analyzing the patterns in the ciphertext.
Prevent known plaintext attacks. Properties of the plaintext known by a perpetrator. E.g.
Letters often start with “Dear…”, which is information that helps in deciphering letters.

Two types of cryptographic systems
Symmetric key systems
Use single, secret, bidirectional keys that encrypt and decrypt.
Like in the physical world: you use the same key to close and reopen a door.

Two types of cryptographic systems
Asymmetric key systems
Use a pair (i.e., two) of one-way keys that are complementary to each other. If one encrypts, only the other can decrypt and vice versa.
Usually one of these keys is kept secret (private key), and the other is made public (public key).
Can be compared to a mailbox where the opening is the “public” key and the key of the mailbox is the “private” key.

Basic principles of symmetric encryption
Substitution
Substitutes parts of the message with something else according to a predefined algorithm. For instance, replace each character of the alphabet with the character that is three places to the right. A -> D, B -> E, etc. This was Caesar’s cipher (cipher = encryption algorithm)!
Transposition (or Permutation)
Mixes the data by changing the places of blocks of data. A very simple transposition is to switch the places of every pair of characters. E.g. HOWEST -> OHEWTS.
Transposition is the principle used by the Spartans for their encryption algorithm. The key is the thickness of the rod.

Basic principles of (symmetric) encryption: SUBSTITUTION
Plaintext: S U B S T I T U T I O N
Ciphertext (Key = 1): T V C T U J U V U J P O
Decrypted: S U B S T I T U T I O N
Algorithm for encryption: Move places further in the alphabet
Algorithm for decryption: Move places back in the alphabet
Key: Number of places to move in the alphabet

Basic principles of (symmetric) encryption: PERMUTATION
Plaintext: T R A N S P O S I T I O N
Ciphertext (Key = 4, with padding): T S I N R P T R A O I D N S O M
Decrypted: T R A N S P O S I T I O N
Algorithm for encryption: Complete text with random characters until a multiple of. Move each character to a which is: (( -1) modulo ) * + ( modulo ). Or table.
Algorithm for decryption: = (( modulus ) - 1) * + ( DIV ) + 1. Or table.
Key:

Symmetric Encryption
Uses one and the same secret key to encrypt and decrypt.
[Diagram: Sender side (Alice): Message (Plaintext) -> Encrypt -> Ciphertext. Receiver side (Bob): Ciphertext -> Decrypt -> Message (Plaintext). Secure, separate (out-of-band) key exchange.]

Symmetric Encryption - Pros and Cons
Advantages
Simple for the user, as there is only one key to know for encryption and decryption.
Less complicated to use in cryptosystems than asymmetric encryption.
Faster, and so uses less computing power than asymmetric encryption.
SUITED FOR “BULK” ENCRYPTION, encryption of large quantities of data.
Disadvantages
Key distribution is problematic. How to get the same key to two parties that may not even know each other in person?
Cannot be used for guaranteeing non-repudiation (digital signatures).

Stream ciphers and block ciphers
Stream Cipher
Encrypts data one bit or byte at a time.
Ideal for real-time communication where data flows continuously, such as secure voice communications and real-time video streaming.
Example: RC4
Block Cipher
Encrypts data in fixed-size blocks (e.g., 64 or 128 bits).
Suitable for applications that manage blocks of data, such as file transfer, email, and database encryption.
Examples: AES, DES

Modes of encryption
Electronic Codebook (ECB)
Each block of plaintext is encrypted independently using the same key.
Pros: Simple and fast.
Cons: Identical plaintext blocks result in identical ciphertext blocks, making it vulnerable to pattern analysis.

Modes of encryption
Cipher Block Chaining (CBC)
Each plaintext block is XORed with the previous ciphertext block before being encrypted. An initialization vector (IV) is used for the first block.
Pros: Provides better security than ECB by ensuring identical plaintext blocks produce different ciphertext blocks.
Cons: Requires an IV and is slower due to the dependency on previous blocks.

Modes of encryption
Cipher Feedback (CFB)
Converts a block cipher into a self-synchronizing stream cipher. The previous ciphertext block is encrypted and then XORed with the plaintext block to produce the ciphertext.
Pros: Can encrypt data in units smaller than the block size.
Cons: Requires an IV and is slower due to the dependency on previous blocks.

Modes of encryption
Output Feedback (OFB)
Similar to CFB, but the output of the encryption function is fed back into the encryption process, not the ciphertext.
Pros: Converts a block cipher into a synchronous stream cipher, preventing error propagation.
Cons: Requires an IV and careful management to avoid repeating keystreams.

Modes of encryption
Counter (CTR)
Description: Converts a block cipher into a stream cipher by encrypting successive values of a counter and XORing with the plaintext.
Pros: Parallelizable, making it very fast and efficient.
Cons: Requires a unique counter value for each block to ensure security.

Some symmetric encryption algorithms
RC4 (Rivest Cipher 4)
Fast but obsolete.
Considered very weak, but unfortunately still used in some protocols, for example in WEP (WiFi Security Protocol).
DES (Data Encryption Standard)
Invented by IBM with the help of the NSA (National Security Agency).
64-bit key (actually only 56, 8 used for parity check).
Encrypts blocks of 64 bits.
Now considered weak and only used in Triple DES or 3DES, where DES is used 3 times but the key is only twice as long (128 bits minus the parity bits).

Some symmetric encryption algorithms
AES (Advanced Encryption Standard)
Successor to DES, sought via a public call for candidate algorithms by NIST.
Winners were two Belgians from KULeuven: Vincent Rijmen and Joan Daemen. The method was originally called Rijndael.
128, 192 or 256-bit key.
Encrypts in blocks of 128 bits. Rijndael can encrypt in blocks of 128 to 256 bits in 32-bit increments.
Uses little memory, both in software and hardware.
Resists advanced attacks.

Asymmetric Encryption
Uses two complementary keys. If one encrypts with one key, one can only decrypt with the other key.
One key is always public, the other is always private and kept with the user.
[Diagram: Sender side (Alice): Message (Plaintext) -> Encrypt with Public Key Bob -> Ciphertext. Receiver side (Bob): Ciphertext -> Decrypt with Private Key Bob -> Message (Plaintext).]

Asymmetric Encryption
The private (or secret) key is kept as securely as possible by the owner (e.g. on a smart card).
The public key is published, often in a “phonebook” of sorts, so that everybody can use it.
Algorithms for asymmetric encryption are slower and use more computer power than symmetric algorithms.
Used for shorter messages => asymmetric encryption is often used for symmetric key distribution.
Asymmetric encryption can be used for a digital signature.

Key distribution using Asymmetric Encryption
[Diagram: Sender side (Alice): Message (Plaintext) -> Encrypt -> Ciphertext; Symmetric Key -> Encrypt with Public Bob -> Encrypted Symmetric Key. Receiver side (Bob): Encrypted Symmetric Key -> Decrypt with Private Bob -> Symmetric Key; Ciphertext -> Decrypt -> Message (Plaintext).]

Asymmetric Encryption for non-repudiation
If the sender encrypts a message with his private key, anyone can decrypt it, but one is then sure that it came from the sender AND the sender cannot deny that he sent that message. A “digital signature,” in other words.
[Diagram: Sender side (Alice): Message (Plaintext) -> “Sign” by encrypting with Secret Key Alice -> Ciphertext. Receiver side (Bob): Ciphertext -> “Verify” by decrypting with Public Key Alice -> Message (Plaintext).]

Asymmetric Key Encryption - Some Standards
The most well-known standard is RSA (Rivest, Shamir and Adleman).
Typically uses keys from 1,024 to 4,096 bits long.
Relies on the practical difficulty of factoring the product of two large prime numbers and uses modular arithmetic.
Computationally heavy. Often implemented in hardware.
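The two uses of a key pair described above (wrapping a symmetric key with Bob's public key, and signing with Alice's private key), as an added example that is not part of the original course material. It assumes textbook RSA without padding and with small Mersenne primes, far below the key sizes named on the slide; the function names and sample values are constructed for illustration.

```python
from math import gcd

def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair from two distinct primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if p == q or gcd(e, phi) != 1:
        raise ValueError("unsuitable primes for this public exponent")
    d = pow(e, -1, phi)          # private exponent: e * d = 1 (mod phi)
    return (n, e), (n, d)        # (public key, private key)

def apply_key(key, value):
    """The single RSA operation: value ** exponent mod n."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def to_int(message):
    return int.from_bytes(message, "big")

def sign(private_key, message):
    # "Encrypt" the message with the private key (no hashing, no padding).
    return apply_key(private_key, to_int(message))

def verify(public_key, message, signature):
    # Anyone holding the public key can undo the operation and compare.
    return apply_key(public_key, signature) == to_int(message)

# Constructed sample keys built from known Mersenne primes (illustration only).
BOB_PUBLIC, BOB_PRIVATE = make_keypair(2**31 - 1, 2**61 - 1)
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**89 - 1, 2**107 - 1)

def demo():
    session_key = 0x0123456789ABCDEF              # constructed 64-bit symmetric key
    wrapped = apply_key(BOB_PUBLIC, session_key)  # Alice -> Bob, key distribution
    unwrapped = apply_key(BOB_PRIVATE, wrapped)   # only Bob's private key recovers it
    order = b"PAY 100 EUR"                        # constructed message
    signature = sign(ALICE_PRIVATE, order)
    return {
        "key_recovered": unwrapped == session_key,
        "signature_valid": verify(ALICE_PUBLIC, order, signature),
        "tampered_valid": verify(ALICE_PUBLIC, b"PAY 900 EUR", signature),
    }

if __name__ == "__main__":
    print(demo())
```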

Asymmetric Key Encryption - Some Standards
Elliptic Curve Cryptography (ECC)
Less computational power needed than for RSA.
Based on the algebraic structure of elliptic curves over finite fields.
Allows for smaller keys than RSA with the same security.

Hashing

Hashing and hash
As asymmetric encryption is slow, it would take a long time to sign large documents or files.
A solution is to create a code which represents the document but is much shorter, and to encrypt this code with the secret key.
The creation of such a shorter code is called “hashing”. The code itself is called a hash code, hash value, digest or simply “hash”.
Requirements:
The hash must be easy and fast to compute.
It must be very difficult to find two messages with the same hash. (Finding two messages with the same hash is called a “collision”.)
A hash code has a fixed length independent of the size of the input.

Hashing and hash standards
MD5 (128 bit hash)
SHA-1 (160 bit)
Succeeded by SHA-2 and SHA-3, which get their hash length included in the name:
SHA-256 (256 bit) or SHA3-256
SHA-512 (512 bit) or SHA3-512
RIPEMD-160 (160 bit), as well as RIPEMD-256 and RIPEMD-320
Hint: The length of the output hash gives a clue about the algorithm used!

How does hashing work? Simple example
A very simple way to hash:
Translate each character into a number (ASCII code).
Join the numbers two by two to form new numbers.
Add up all the numbers.
Then calculate the remainder when dividing by 99999 (modulo 99999).
Example: “Howest”
Text: H o w e s t
ASCII: 72 111 119 101 115 116
Per 2: 72.111 119.101 115.116
Summed: 306.328
Remainder = HASH: 6.331

Using a hash for a digital signature
[Diagram: Sender side (Alice): Message -> Hash Function -> hash calculated by sender -> “Sign” (encrypt with Secret Key Alice) -> signed hash. Receiver side (Bob): Message -> Hash Function -> hash calculated by receiver; signed hash -> “Verify” (decrypt with Public Key Alice) -> received hash. Check: hash calculated by receiver =? received hash.]

Digital Signature
A digital signature ensures:
Data integrity: Any change to the plaintext message would result in the recipient failing to compute the same hash.
Authentication: The recipient can ensure that the message has been sent by the claimed sender, since only the claimed sender has the secret key.
Non-repudiation: The claimed sender cannot later deny generating and sending the message as, again, he is the only one who possesses his secret key.

The problem of key distribution
Public Key Infrastructure (PKI)
Problem: How to guarantee that Alice’s public key is really from Alice, if Alice and Bob never meet? How does Alice get the key to Bob?
Solution: a Public Key Infrastructure where a “trusted party” (e.g. the government or a government-appointed agency) guarantees that the public key is authentic and from Alice.
How does the trusted party guarantee this? By digitally signing the public key of a person with their secret key. Compare this to a passport, where a government official signs your passport to prove that it is authentic.
The public key + information about its owner + the digital signature of the trusted party are put together in a DIGITAL CERTIFICATE.

Public Key Infrastructure
Digital certificates of a user
This is a structured piece of text.
Contains the public key and identifying information about the user.
Signed by a trusted party with the trusted party’s private key.
Added to messages so that the receiver can verify the authenticity of the user’s public key by using the public key of the trusted party.
Contains at least:
A distinguishing (user)name
The user’s public key
The algorithm used to create the digital signature of the certificate by the trusted party
The validity period of the certificate

Structure of a digital certificate (X.509)
Version of X.509
Certificate Serial Number
Certificate Algorithm Identifier for Certificate Issuer’s Signature
Issuer
Validity Period (From-To)
Subject
Subject Public Identifier: Algorithm Identifier (RSA, ECC, …), Public-Key Value
Issuer Unique Identifier
Subject Unique Identifier
Extensions (key usage, certificate policies, alternate subject names, …)
Certification Authority’s Digital Signature

Public Key Infrastructure (PKI)
[Diagram: Certification Authority (CA), User, Registration Authority (RA).]

Public Key Infrastructure
Certificate Authority (CA)
Authority in a network that issues and manages security credentials and public keys for message signature verification or encryption.
In order to generate a digital certificate, the CA needs confirmation from a Registration Authority (RA) that the information provided by the user is correct.
=> If the RA confirms the information provided by the user, the CA creates the content of the digital certificate and signs it with the CA’s private key.
=> All users can then check the certificate with the CA’s public key.

Public Key Infrastructure
Certificate Authority (CA)
Manages and signs Certificate Revocation Lists (CRLs) -> list of revoked certificates.
Well-known CAs are, for instance, the companies Verisign and DigiCert.
A CA can also be installed and owned by a company to generate certificates for its employees, contractors, partners etc. (in-house CA).
A CA may also be given the task of generating the asymmetric key pair.

Public Key Infrastructure
Registration Authority (RA)
Performs certain administrative functions on behalf of the CA.
Verifies user requests for a digital certificate and tells the CA to issue it.
Might be part of the CA or might be a different entity/organisation.
The CA retains sole responsibility for signing either digital certificates or CRLs.

Public Key Infrastructure
Registration Authority (RA)
The functions of the RA could be:
Verifying the information provided by the subject (personal authentication functions).
Verification of the individual's right to the requested certificate attributes.
Verification that the individual actually possesses the private key corresponding to the public key requested for a certificate (commonly referred to as proof of possession, POP).
Notification of compromised or expired keys that should be on the CRL.
Distributing the physical tokens (such as smart cards) that contain the private keys.

A real-life example - Certificate on identity card
In Belgium (like in many other countries), everybody has a digital certificate with their public key in the chip of their ID.
The RA is here the town hall, which checks the identity of the user and asks the government to create a digital certificate.
The CA is a Belgian government department, CERTIPOST, which creates and issues the digital certificate on request of the town hall (the RA).
The certificate is put on the chip on the ID card and delivered to the user by the town hall (the RA).
The ID card contains:
Authentication Certificate: Used for logging into web applications, such as government portals.
Signature Certificate: Used for digitally signing documents (e.g. using Acrobat Reader).

Quantum Computing and Cryptography
May solve some of the existing problems with current cryptographic systems:
Generate perfectly random symmetric cryptographic keys.
Secure distribution of symmetric cryptographic keys.
It is based on a practical application of the characteristics of the smallest “grains” of light (photons) and the physical laws governing their generation, propagation and detection.
It is impossible to eavesdrop and see, for instance, the key exchange as (simplified) a quantum state (so the key) changes when observed (Heisenberg’s principle).
Could in the future “crack” some existing key lengths in no time.
Currently, we are preparing with quantum-resistant key lengths and algorithms.

Quantum Computing and Cryptography
Post-Quantum Cryptography (PQC): NIST recently finalized the first set of post-quantum cryptography standards, designed to withstand attacks from quantum computers.
Quantum Key Distribution (QKD): This technology uses quantum mechanics to securely distribute encryption keys.
Immune to brute-force attacks, even from quantum computers.
Requires specialized hardware.
Distance limitations.

Quantum Computing and Cryptography
Quantum Random Number Generation (QRNG): Uses quantum properties to generate truly random numbers, which are crucial for cryptographic keys.
Current Quantum Computing Capabilities:
Large-scale, fault-tolerant quantum computers are not yet commercially available.
Experts predict that quantum computers capable of breaking current encryption methods could emerge within the next decade (others say 30 years).

Applications - Transport Layer Security (TLS)
TLS is a cryptographic protocol that provides secure communications on the Internet.
A session-layer (OSI) protocol widely used for communication between browsers and web servers.
Provides:
Confidentiality of the communication
Endpoint authentication
Is destined to replace the older and less secure SSL (Secure Socket Layer) protocol.
TLS and SSL are NOT interoperable.

Applications - Secure Hypertext Transfer Protocol (HTTPS)
HTTPS is similar to HTTP, just with an encrypted session via the TLS (or SSL) protocols.
HTTPS serves to secure World Wide Web pages for applications.
In electronic commerce, authentication may be used:
in business-to-business (B-to-B) activities (for which both the client and the server are authenticated)
in business-to-consumer (B-to-C) interaction (in which only the server is authenticated).
Using https:// instead of http:// directs the communication to a different port.

Applications - Virtual Private Network (VPN)
VPN is a collective name for all different VPN implementations. One popular VPN technology is IPSec.
Before VPN, the only way to have a “private” network was to own or lease your own lines. -> Expensive solution.
A VPN creates a secure private network over the public telecommunications infrastructure using encryption -> cheap solution.
Uses authentication and encryption between two Internet points -> confidentiality and integrity.

Applications - Secure Shell (SSH)
Implemented at the Application layer in the TCP/IP model.
Provides a secure channel over an unsecured network by using a client-server architecture, connecting an SSH client application with an SSH server.
Typically used to log in to a command shell on a remote machine and execute commands. (≈ a command prompt in Windows, but commands are executed on a remote machine and not on yours)
Replaces Telnet and other insecure remote shells.
Uses strong cryptography to protect data, including passwords (*), binary files and administrative commands.
Uses digital certificates for mutual authentication.
(*) Telnet sends passwords in readable form over the communication line.

Applications - Secure Multipurpose Internet Mail Extensions (S/MIME)
A standard secure email protocol.
Security properties:
Authenticates the identity of the sender and receiver
Verifies message integrity
Ensures the confidentiality of a message’s contents, including attachments
Non-repudiation
Uses asymmetric encryption and digital signatures.
Can be used in e.g.
Outlook.

Applications - Encryption of data at rest (Stored Data)
Encryption of data at rest has many benefits:
Encryption is better than only passwords or ACLs for protecting files.
Encryption moves with the data.
Encryption protects the confidentiality of the data from system administrators and hackers.
What can we encrypt?
Files: on-the-fly encryption/decryption
Disks: an unencrypted disk has all data visible (takes a hacker minutes)
Email encryption
Record (in a database) encryption

Cryptanalysis
The art of breaking cryptographic protection by:
Finding weaknesses in existing algorithms, protocols and standards
Finding the secret or private key(s)
Finding the plaintext, based on a ciphertext

Cryptanalysis
Some methods:
Known plaintext attack -> try to discover the key
Chosen plaintext attack -> try to discover the key (better than known plaintext)
Ciphertext only attack -> for old algorithms only -> check character frequencies etc.
Side-channel attack: get some info on the algorithm by observing the time it takes on a CPU, electromagnetic radiation from the encrypting system, acoustics of typing from the user (which might divulge the key)…

Cryptanalysis
Some more in-depth methods:
Differential cryptanalysis attack: analyzes the difference after encryption between pairs of chosen plaintext.
Integral cryptanalysis attack: keep part of the plaintext and vary the rest.

Application of Hashing - Protection of passwords
Why not store passwords in cleartext? Though many still do…
Possible exception: safe storage like a smart card, but still not very secure.
Why not encrypt passwords?
-> A hash is a faster solution, without the verifier knowing the password.
But same password = same hash => “salted” hashes.
Adds a random string to the password before hashing => (same password ≠ same hash).
Usually, the salt is then added in front of the hash, between two $ characters.
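Salted password storage as described on the slide above, as an added example that is not part of the original course material. It assumes PBKDF2-HMAC-SHA256 as the hash function and a `$salt$hash` record with hex-encoded fields; the function names, iteration count and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumption: work factor chosen for this demo

def unsalted_hash(password):
    # The problem case from the slide: same password = same hash.
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Return a '$salt$hash' record; a fresh random salt is used by default."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        _, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    alice = hash_password("Summer2024!")
    bob = hash_password("Summer2024!")
    print("unsalted equal:", unsalted_hash("Summer2024!") == unsalted_hash("Summer2024!"))
    print("salted equal:  ", alice == bob)
    print("alice verifies:", verify_password("Summer2024!", alice))
    print("wrong password:", verify_password("summer2024!", alice))
```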

Application of Hashing - Protection of passwords
Password attacks
Brute force -> rainbow tables
Lists of known passwords, dictionaries, knowledge of your victim
Have you been p’wned?

Password Entropy
A measure of how unpredictable (random) and secure a password is against guessing and brute-force attacks. It quantifies the difficulty an attacker would have in finding the password.
Calculation: $E = L \times \log_2 R$ bits
$E$ is the entropy in bits.
$L$ is the length of the password in number of places for characters.
$R$ is the size of the character set used for each place in the password. (Example: 52 for both uppercase and lowercase letters in the Western alphabet)
If there are different rules for different pieces of the password, then calculate the entropy for each piece and add it up.

Password Entropy
Importance of Entropy:
Low entropy: Easy to guess, vulnerable to attacks.
High entropy: Harder to guess, safer.
Entropy only indicates how strong a password can be at a given $L$ and $R$. It is still possible to create weak passwords at a given $L$ and $R$.
Example: Passwords such as “IncoRRect77$%&”
$L = 14$
$R = 94$ (including lowercase, uppercase, numbers and special symbols).
The entropy is calculated as follows: $E = 14 \times \log_2 94 = 14 \times 6.5545 = 91.76$ bits

Password Entropy
Improve Entropy:
Greater length: Longer passwords have higher entropy.
Use different characters: Use uppercase, lowercase, numbers and special symbols to increase the character set.
Practical:
Non-vital users: at least 50 bits of entropy.
Important users: 60-80 bits of entropy.
Crucial users: 100 bits of entropy or more.

Misuse of encryption
Like dynamite, encryption can be misused by criminals:
Ransomware (Wannacry, Cryptolocker, Petya)
Hide malware code
Secret communications between criminals -> complicates forensic investigation
Encryption of data at rest by criminals -> complicates forensic investigation

Encryption Risks
Security mainly relies on the secrecy of the keys.
The more a key is used, the more its data can be analyzed, so the more vulnerable it is.
Password cracking tools get faster and faster with the evolution of technology.
Sooner or later, a key will become obsolete.
Randomness of key generation is also a factor. Sometimes key generation is based on passwords, and it is easier to guess a password than a key -> the key becomes less secure.
Randomness also plays a key role in asymmetric key generation.