the decryption key. A longer key means a hacker must try more combinations in order to decode the data. For example, a combination lock with only one, single-digit number on the tumbler is simple to open by just trying each number. With two or more numbers in the tumbler, the difficulty rises considerably. The cracker must put the first set on one number, then try each number in the second set, then repeat the process with the second number in the first set, etc. The more numbers to try, the more difficult the cracker's job.

Just as with the combination lock example, the higher the bit rate, the harder it is to break the encryption scheme. A 40-bit key, for example -- the U.S. government restricts export of key lengths greater than 40 bits -- requires the cracker to attempt more than a trillion combinations. While this may seem like an extremely large number of keys, an Intel Pentium-based PC -- attempting various combinations in what is called "brute force" -- could crack the key in a matter of hours.

A 56-bit key requires trying more than 72,000 trillion possible combinations. A conventional PC might take about 1,000,000,000,000,000,000,000 years to crack a 128-bit key. In the United States, domestic versions of 128-bit keys are used and are virtually impossible to crack by brute force methods using current computing technologies.

The easiest way to crack a message is to obtain a copy of the sender's private key, or in case of symmetric encryption, to intercept the message and the key en route to its destination.

When DES encryption was devised in the 1970s, the 56-bit key was considered very safe; with the computers of today, a DES-encrypted message is still fairly secure, but a 56-bit key was recently cracked.


One of the shortcomings of public key technology is the extra time it takes to encrypt and decrypt data. The longer the key, the more time required to encrypt or decrypt a message.

To increase the speed of encryption, nCipher's nFast line of cryptographic hardware could be used to accelerate the timing. It does that by off-loading the cryptographic burden from the CPU. Each nFast accelerator improves performance by up to 100 times and is able to handle up to 300 1024-bit key public signings per second.

For additional information on the Internet:

Norton DiskLock

Previous versions of Symantec's DiskLock focused on locking the hard disk and preventing access to specific files. With the spread of Internet and other networks and e-mail, DiskLock shifted its focus to the encryption of files, thereby rendering them useless to an unauthorized user.

The program comes with a group of encryption and decryption tools that provide protection at the file and folder level. Encrypted files and folders cannot be moved, copied or deleted by unauthorized users; if they are opened, the encryption renders them unreadable.

After the encryption and screenlock components are installed on the system, users must enter their user name and password to activate the program each time the machine is turned on. Once the application is activated, users can access the encryption and decryption options.

DiskLock uses an asymmetric encryption scheme that requires two different keys to encrypt and decrypt files. It works with a public and private key, allowing public keys to be exchanged between users wishing to access each other's work. Without a user's private key, however, the public key remains useless, so security is not compromised.

Additionally, DiskLock provides a timeframe access during which someone can access information from a hard drive. It also features an audit log that tracks system activity, revealing what was done to the system and when it occurred.

For additional information, contact Symantec, 10201