## Unimaginably Strong

For encrypting data at rest, Cord3 onlyuses symmetric cryptographywith a unique 256-bit key for every data asset.

Cord3 uses a FIPS 140-2 approved implementation of the Advanced Encryption Standard (AES) algorithm. Since there is nothing secret about the AES algorithm itself, the security comes from the keys being random and secret.

The beauty of random keys is that an attacker has no information, so an attacker must use a “brute-force” approach by testing each possible key to see if it is the correct one.

A 256-bit symmetric key

has 2^{256} possibilities.

2^{256}= 2 x 2 x 2 x 2 x 2 …

(256 times)

2^{256}= 2 x 2 x 2 x 2 x 2 …

(256 times)

= (2 x 2 x 2 x … (128 times)) x

(2 x 2 x 2 x … (128 times))

= 2^{128} x 2^{128}

So, how strong are random 256-bit symmetric keys, really?

Each bit of a 256-bit key has two possibilities –technically, either a 0 or 1. So, the number of possibilities for a 256-bit key can be written as 2x2x2x2x2x2x…. with 2 being multiplied by 2 a total of 256 times.

The result is an absolutely huge number, so let’s break it down further to give you a sense for just how strong 256-bit keys are.

One way to break down this calculation is to separate the long string of 2’s multiplied together into two equal halves, with the two halves being multiplied together. Each half would be 2x2x2x2 … a total of 128 times (half of 256). Another way of writing 2 multiplied by itself 128 times is 2^{128}.

To make it easier, for now, let’s just look at the size of 2^{128}.

If you’re struggling with how to pronounce that number, you’re not alone! The correct pronunciation is **340 undecillion**.

A random 128-bit key has 340,282,366,920,938,463,463,374,607,431,768,211,456 possibilities that may need to be tried in a brute-force attack. Even assuming an incredibly powerful computer, conservative estimates are that **it would take millions of years to brute-force search a random 128-bit key**.

2^{128}= 2 x 2 x 2 x 2 x 2 …

(128 times)

= 340,282,366,920,938,463,463,

374,607,431,768,211,456

2^{256}= 2^{128} x 2^{128}

= 340,282,366,920,938,463,463,

374,607,431,768,211,456

X

340,282,366,920,938,463,463,

374,607,431,768,211,456

Even though a 256-bit key is only twice the length of a 128-bit key, it has 2^{128} more possibilities.

If it would take millions of years to search a single 128-bit key,**it would take billions upon billions of years to search all the possibilities for a single 256-bit key**. It would take so incredibly long to brute-force attack a single 256-bit key that nobody would ever really bother trying.

No improvements in computing power will ever make brute-force searching of 256-bit keys remotely feasible. And remember that **Cord3 uses a different, random, 256-bit key for each data asset!**

### Latest Posts

**Protect Your Data from Privileged Credential Attacks – Detecting Attacks is Too Late!July 5, 2019 - 11:05 am****LightNeuron malware – Cord3’s Solution!May 15, 2019 - 2:44 pm****The Cloud & Privileged Credential AbuseFebruary 28, 2019 - 4:23 pm****Cord3 to Exhibit at RSA Conference 2019February 28, 2019 - 2:34 pm**

### Contact Us

900 Morrison Drive Suite 206

Ottawa, Canada

info@cord3inc.com

+1 343 488 8720