# How long would it take to brute force AES-256?

When talking about encryption, it’s often hard to describe how safe it actually is. There’s so much jargon in the industry, it can be very confusing – even for people in the I.T. industry. In this three part article series, we will examine the security of AES-256 (the chosen type of cryptography used in ScramBox), while clarifying and debunking some common myths along the way.

We’ll start by looking at how long it would take to “crack” AES-256 encryption with today’s computers. Future articles will look at the effects of future advances in computing and other types of attacks on AES-256.

## Firstly, let’s stop talking about key size

A lot of people get confused by key sizes, thinking that bigger is always better. For example, they might say that RSA-2048 is more secure than AES-256 because a 2048 bit key is longer than 256 bits.

However, comparing key size is not a good measure of security, because each encryption scheme (cipher) has its own characteristics and methods of attack. So bigger is generally better within a specific encryption scheme (cipher). But that’s a topic for another time…

## AES-256 – the chosen cipher in ScramBox

How long would it take to “break” the AES-256 encryption that’s used in ScramBox? The only known practical attack on AES-256, when used in the way that ScramBox does, is called a “brute force attack” – also known as “exhaustive search” because it requires the attacker to try every possible combination of encryption key until the right key is guessed and the data is unlocked.

(If you don’t quite understand the concept of brute force, imagine a phone with a 4-digit passcode. There are 10,000 possible passcodes, from 0000 to 9999. A brute-force attack would be to try every passcode until you reach the correct answer. On average, you’ll need to try half the possible passcodes before you guess the right answer.)

We’ll make some very simple and conservative assumptions, and estimate how long it would take to break ScramBox’s encryption if an attacker had different types of computers breaking it:

1. One high-performance PC
2. The world’s fastest supercomputer
3. Every PC on earth

These are only estimates, because the overriding message that the time it would take to break AES-256 is many many times longer than the age of the universe.

We also make some simplifications, such as assuming that it takes no extra time to verify the decrypted data. That means the figures we give are “worst case” scenarios – for example, if we say it’ll take 1 year to brute-force something, it’ll likely take longer in real life.

So let’s start calculating!

## A single high performance PC

We benchmarked a top-of-the-line, high performance 2015 MacBook Pro with Intel Core i7. It could decrypt using AES-256 GCM at around 120MB/sec on a single core. (While we know that speeds can vary between computers and implementations of encryption, this average benchmark speed will suffice for this analysis.)

For ease of calculation, let’s round up the figure to the nearest power of two: 128MiB/sec per core.

On a 4 core machine with hyperthreading (8 concurrent threads), that equates to 1024MiB/sec, or 230 bytes per second. (Again, we know that it’s likely to be slower because Turbo Boost increases the clock speed when only one core is used, so clock speeds should drop multiple cores are used and thus simply multiplying throughput by the number of threads will overestimate the throughput. But we are being conservative here.)

AES uses a 16 byte block size (24), so on average, a single high performance PC can encrypt 2(30-4) = 226 blocks per second.

That means it can also try 226 different encryption keys per second. The number of seconds in a year is 60 * 60 * 24 * 365.25 = 31,557,600.

So the number of keys that a high-end PC can search in one year is 31,557,600 * 226, or 2,117,794,686,566,400. That’s 2,117.8 trillion keys, which sounds like a lot!

On average, to brute-force attack AES-256, one would need to try 2255 keys. (This is the total size of the key space divided by 2, because on average, you’ll find the answer after searching half the key space.)

So the time taken to perform this attack, measured in years, is simply 2255 / 2,117.8 trillion.

Expressed as an exponent of 10, that’s 2.73 * 1061. Written in full format:

27,337,893,038,​406,611,​194,430,009,​974,922,940,​323,611,067,​429,756,962,​487,493,203 years.

In English: 27 trillion trillion trillion trillion trillion years.

In contrast, the universe has only existed for 15 billion years, which is:

15,000,000,000.

This demonstrates it’s not possible for a single PC to brute-force crack AES-256 encryption within the lifetime of a person, let alone the lifetime of the universe.

## The world’s fastest supercomputer

So if your home PC can’t brute force AES256, what about the world’s fastest supercomputer?

At the time of writing, the world’s fastest supercomputer, Sunway TaihuLight, can perform at 93 PetaFLOPS. (A current list of supercomputers can be found on the Top 500 website.) In contrast, the Intel i7 does around 100 GigaFLOPS.

This means that the world’s fastest supercomputer is roughly 1 million times faster than a high-end PC when measured in FLOPS.

Because we don’t actually have access to the world’s fastest supercomputer to run AES exhaustive search, we will have to estimate its throughput based on the published speed of 93 PetaFLOPS.

Given that 93 PetaFLOPS (supercomputer) is nearly 1 million times 100 GigaFLOPS (desktop PC), let’s we assume that this supercomputer can crack AES encryption 1 million times faster than a high-end PC. Therefore, on average to crack AES-256, it would take

27,337,893,038,​406,611,194,​430,009,974,​922,940,323,​611,067,429,​756,962,487 years.

That’s 27,337,893 trillion trillion trillion trillion years – still impossible.

## All the PCs on earth

Now let’s look at an unrealistic scenario – what if we could somehow put every PC on earth to work, trying to crack your data that was encrypted using ScramBox.

It’s estimated that there are currently 2 billion PCs on earth, of varying ages and computing power. Let’s assume that each of those 2 billion are as fast as our 2015 MacBook Pro. (Of course in reality most computers will be slower and some will be faster, but we’re talking averages here.)

The average time taken for all PCs on earth, working together, to brute force crack AES-256 is:

13,668,946,​519,203,305,​597,215,004,​987,461,470,​161,805,533,​714,878,481 years

Still impossible. But to write that as a number, it’s:

13,689 trillion trillion trillion trillion years.

## Recap: brute force exhaustive search of AES-256

It should be obvious that why AES-256 is regarded as the gold standard in encryption. So here’s a quick summary:

Computing power Average time to crack using exhaustive search
High-end PC 27,337,893,038,406,611,​194,430,009,​974,922,940,​323,611,067,​429,756,962,​487,493,203 years.

27 trillion trillion trillion trillion trillion years
Fastest supercomputer 27,337,893,038,​406,611,194,​430,009,974,​922,940,323,​611,067,429,​756,962,487 years.

27,337,893 trillion trillion trillion trillion years
2 billion high-end PCs 13,668,946,​519,203,305,​597,215,004,​987,461,470,​161,805,533,​714,878,481 years

13,689 trillion trillion trillion trillion years
Age of the universe 15,000,000,000 years

15 billion years

There’s simply no way, with today’s technology, that AES-256 can be brute-force attacked.

In the next article of series, we will look at how future advances in technology, such as Moore’s Law and Quantum Computers, affects the security of AES encryption.

[mashshare]

## Send us a message

The field is required.