Is it possible to create a PKI encryption key that is unbreakable? IAM expert Randall Gamby weighs in.
Is the public key infrastructure (PKI) unbreakable if properly installed and operated?
The answer to this question is: Yes. It is possible to crack the public key encryption algorithm. The crucial element in any security tool like PKI is the cryptographic or hash algorithm used to generate the technology's private and public keys, or digital signatures. In this case, it is the length of the keys used that defines the strength of the algorithm. Using a limited bit length to generate the keys, or the digital signature, increases the likelihood that a brute-force attack -- where an intruder tests every possible key combination to break the cryptographic or hash algorithm -- will succeed.
Remember that if an attacker uses brute force, the computing power needed to break the algorithm increases exponentially with the length of the key. For example, a 32-bit key requires 2^32 combinations; a key of this length can be easily broken with today's computing power. Even a 512-bit key can be broken by large governments or university research groups within a few months. In theory, any cryptographic method can be broken by trying all possible combinations. Fortunately, at the moment, a PKI system using long keys (i.e. 2,048 bits) is practically unbreakable due to the level of computing power and time it would take to break the encryption -- if, as you mention, it's properly installed and operated.