Читаем Cryptonomicon полностью

Even a 768-bit key requires vast resources to break. Add one bit, to make it 769 bits long, and the number of possible keys doubles, the problem becomes much more difficult. A 770-bit key is that much more difficult yet, and so on. By using 768-bit keys, Randy and Avi could keep their communications secret from nearly every entity in the world for at least the next several years. A 1024-bit key would be vastly, astronomically more difficult to break.

Some people go so far as to use keys 2048 or even 3072 bits in length. These will stop the very best codebreakers on the face of the earth for astronomical periods of time, barring the invention of otherworldly technologies such as quantum computers. Most encryption software--even stuff written by extremely security-conscious cryptography experts--can't even handle keys larger than that. But Avi insists on using Ordo, generally considered the best encryption software in the world, because it can handle keys of unlimited length--as long as you don't mind waiting for it to crunch all the numbers.

Randy begins typing. He is not bothering to look at the screen; he is staring out the window at the lights on the trucks and the jeepneys. He is only using one hand, just flailing away loosely at the keyboard.

Inside Randy's computer is a precise clock. Whenever he strikes a key, Ordo uses that clock to record the current time, down to microseconds. He hits a key at 03:03:56.935788 and he hits another one at 03:05:57.290664, or about .354876 seconds later. Another .372307 seconds later, he hits another one. Ordo keeps track of all of these intervals and discards the more significant digits (in this example the .35 and the .37) because these parts will tend to be similar from one event to the next.

Ordo wants randomness. It only wants the least significant digits--say, the 76 and the 07 at the very ends of these numbers. It wants a whole lot of random numbers, and it wants them to be very, very random. It is taking somewhat random numbers and feeding them through hash functions that make them even more random. It is running statistical routines on the results to make sure that they contain no hidden patterns. It has breathtakingly high standards for randomness, and it will not stop asking Randy to whack on the keyboard until those standards are met.

The longer the key you are trying to generate, the longer this takes. Randy is trying to generate one that is ridiculously long. He has pointed out to Avi, in an encrypted e-mail message, that if every particle of matter in the universe could be used to construct one single cosmic supercomputer, and this computer was put to work trying to break a 4096-bit encryption key, it would take longer than the lifespan of the universe.

"Using today's technology," Avi shot back. "that is true. But what about quantum computers? And what if new mathematical techniques are developed that can simplify the factoring of large numbers?"

"How long do you want these messages to remain secret?" Randy asked, in his last message before leaving San Francisco. "Five years? Ten years? Twenty-five years?"

After he got to the hotel this afternoon, Randy decrypted and read Avi's answer. It is still hanging in front of his eyes, like the afterimage of a strobe:

I want them to remain secret for as long as men are capable of evil.

The computer finally beeps. Randy rests his tired hand. Ordo politely warns him that it may be busy for a while, and then goes to work. It is searching the cosmos of pure numbers, looking for two big primes that can be multiplied by each other to produce a number 4096 bits long.

If you want your secrets to remain secret past the end of your life expectancy, then, in order to choose a key length, you have to be a futurist. You have to anticipate how much faster computers will get during this time. You must also be a student of politics. Because if the entire world were to become a police state obsessed with recovering old secrets, then vast resources might be thrown at the problem of factoring large composite numbers.

So the length of the key that you use is, in and of itself, a code of sorts. A knowledgeable government eavesdropper, noting Randy's and Avi's use of a 4096-bit key, will conclude one of the following:

–-Avi doesn't know what he's talking about. This can be ruled out with a bit of research into his past accomplishments. Or,

–-Avi is clinically paranoid. This can also be ruled out with some research. Or,

–-Avi is extremely optimistic about the future development of computer technology, or pessimistic about the political climate, or both. Or,

–-Avi has a planning horizon that extends over a period of at least a century.