Is it possible to crack the public key encryption algorithm?

Is it possible to create a PKI encryption key that is unbreakable? IAM expert Randall Gamby weighs in.

Is the public key infrastructure (PKI) unbreakable if properly installed and operated?

The answer to this question is: Yes. It is possible to crack the public key encryption algorithm. The crucial element in any security tool like PKI is the cryptographic or hash algorithm used to generate the technology's private and public keys, or digital signatures. In this case, it is the length of the keys used that defines the strength of the algorithm. Using a limited bit length to generate the keys, or the digital signature, increases the likelihood that a brute-force attack -- where an intruder tests every possible key combination to break the cryptographic or hash algorithm -- will succeed.

Remember that if an attacker uses brute force, the computing power needed to break the algorithm increases exponentially with the length of the key. For example, a 32 bit-length key requires 2^32 combinations; a key of this length can be easily broken with today's computing power. Even a 512 bit-length key can be broken by large governments or university research groups within a few months. In theory, any cryptographic method can be broken by trying all possible combinations. Fortunately, at the moment, a PKI system using long-length keys (i.e. 2,048 bits) is practically unbreakable due to the level of computing power and time it would take to break the encryption -- if, as you mention, it's properly installed and operated.
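The exponential growth described above can be measured directly. The following Python sketch is an added example, not part of the original answer: it exhaustively searches toy HMAC-SHA256 keys of 8, 12 and 16 bits, then extrapolates from the measured rate to the 32-, 512- and 2,048-bit lengths mentioned in the answer. The toy key construction and all function names are assumptions made for illustration, and it models only the "test every possible key" search the answer describes, not factoring attacks on RSA moduli.

```python
import hashlib
import hmac
import math
import time

SECONDS_PER_YEAR = 365 * 24 * 3600
MESSAGE = b"constructed sample message"  # constructed input for the demo


def tag(key_int, bits, msg=MESSAGE):
    """HMAC-SHA256 under a toy key that is only `bits` bits long."""
    key = key_int.to_bytes((bits + 7) // 8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def brute_force(bits, target, msg=MESSAGE):
    """Test every key of the given length; return (key, attempts)."""
    for candidate in range(2 ** bits):
        if hmac.compare_digest(tag(candidate, bits, msg), target):
            return candidate, candidate + 1
    return None, 2 ** bits


def log10_years(bits, keys_per_second):
    """log10 of the years needed to try all 2**bits keys.

    Worked in logarithms because 2**2048 overflows a float.
    """
    return (bits * math.log10(2) - math.log10(keys_per_second)
            - math.log10(SECONDS_PER_YEAR))


if __name__ == "__main__":
    rate = 1.0
    for bits in (8, 12, 16):
        secret = 2 ** bits - 1  # worst case: the last key tried
        start = time.perf_counter()
        found, attempts = brute_force(bits, tag(secret, bits))
        elapsed = max(time.perf_counter() - start, 1e-9)
        rate = attempts / elapsed
        print(f"{bits:>4}-bit key: {attempts:>6} attempts, {elapsed:.3f}s")
    # Extrapolate from the measured rate to the key lengths in the answer.
    for bits in (32, 512, 2048):
        print(f"{bits:>4}-bit key: about 10^{log10_years(bits, rate):.0f} years")
```

Each added bit doubles the worst-case attempt count, so the measured runs grow by a factor of 16 per step while the extrapolated figures are reported as powers of ten.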
