NSA-related news in recent months warrants revisiting an earlier discussion of AES. In an article on the NSA's Bluffdale, Utah datacenter, I noted that despite the peta-flop processing power of those systems AES-192 and AES-256 are still currently unassailable encryption schemes: "For now, however, nobody and no system on Earth can decrypt AES if used with 192 or 256 bit key lengths. In fact, the US federal government requires AES with a 256 bit key length for encrypting digital documents classified as 'top secret.'"

 

Advanced Encryption Standard (AES) is the symmetric key algorithm certified by the NIST. According to NIST cryptographer Bruce Schneier, the NSA's Bluffdale systems are not aimed at breaking high-bit AES.

 

The only serious caveat in computer science is that Peter Schor's factorization algorithm could defeat AES were quantum computing a reality. And keep in mind that two teams of physicists were awarded the Nobel Prize in 2012 for making advances in capturing and manipulating ions that create an important milestone in the possibility of building a quantum computer capable of running Schor's algorithm. How far away that is from happening is a physicist's dream worth discussing.

 

AES and RSA

For now let me point out that besides AES's symmetric key generation many software applications use asymmetric or public key encryption; and the RSA corporation's implementation of public key encryption is the most widely used.

 

While the NSA's Bluffdale wolf may not be able to blow down the house of AES, he is huffing and puffing at a plenitude of RSA-1028 encrypted data held among the storage arrays. Bruce Schneier puts it both more cryptically (as it were) and plainly on his blog: "I think the main point of the new Utah facility is to crack the past, not the present. The NSA has been hoovering up encrypted comms for decades and it may be that the combination of a petaflop computer plus terabytes of data might be enough to crack crypto weaker than 128-bit (and especially 64-bit)".

 

I'll say more in another article about the recent Snowden revelations surrounding RSA encryption. In conclusion here I'll reiterate this: use AES-based tools for handling any data that you really need to keep secure. That means for any systems that monitor your other systems that carry AES-encrypted data, SNMPv3 is your best option. And many of you already know that SolarWinds tools for monitoring nodes and configuring network devices support SNMPv3.