For this reason, Securosys uses industry-standard algorithms for encryption and authentication and ensures that the necessary key material is based on true random data of adequate size. For example, the AES-256 encryption algorithm, which has been an international standard for more than fifteen years, has not been broken. This means that no attack is known that is much more efficient than the brute-force method, in which all possible keys are tried until the valid plaintext is found. This trial-and-error method succeeds on average after $2^{255} = 5.8 \cdot 10^{76}$ keys have been tried, which would take, with present and foreseeable future technologies, longer than the supposed lifetime of the known universe.
This makes the key material involved all the more important. If only 56 of the 256 bits of an AES-256 key had actually been randomly selected, the time for a brute-force attack would be drastically reduced: on average, only $2^{55} = 3.6 \cdot 10^{16}$ operations would be necessary to find the right key. On today’s hardware, such an attack could be carried out within a few minutes. Therefore, for key generation on the Primus HSM, Securosys uses real hardware-based random number generators. As such, maximum entropy of the key is guaranteed.
Critical to the strength of AES are true random keys. The Securosys Primus HSM generates random keys from hardware-based true random number generators (TRNG) to guarantee maximum entropy.
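The effect of low key entropy described above, as an added example (not Securosys code): a key of full AES-256 length in which only a few bits are random is recovered by searching just those bits, and the average effort for 56 and 256 random bits is computed. The helper names, the HMAC-SHA256 check value standing in for a known plaintext/ciphertext pair, and the 16-bit toy size are assumptions of the example.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 32  # nominal AES-256 key length (256 bits)
LABEL = b"known-plaintext"  # constructed public value, known to the searcher


def make_key(random_bits):
    """Full-length key in which only the low `random_bits` bits are random."""
    value = secrets.randbits(random_bits) if random_bits else 0
    return value.to_bytes(KEY_BYTES, "big")


def check_value(key):
    """Assumed stand-in for a known plaintext/ciphertext pair under `key`."""
    return hmac.new(key, LABEL, hashlib.sha256).digest()


def exhaustive_search(target, random_bits):
    """Try every key of the reduced key space; return (key, trials)."""
    for candidate in range(1 << random_bits):
        key = candidate.to_bytes(KEY_BYTES, "big")
        if hmac.compare_digest(check_value(key), target):
            return key, candidate + 1
    return None, 1 << random_bits


def expected_trials(random_bits):
    """Average brute-force effort: half the effective key space."""
    return 1 << (random_bits - 1)


if __name__ == "__main__":
    bits = 16  # toy size so the search finishes quickly
    key = make_key(bits)
    found, trials = exhaustive_search(check_value(key), bits)
    print(f"{len(key) * 8}-bit key, {bits} random bits: "
          f"recovered={found == key} after {trials} trials")
    for n in (56, 256):
        print(f"{n} random bits -> about {expected_trials(n):.1e} trials")
```

The search cost depends only on the number of random bits, not on the 256-bit length of the key, which is why the quality of the random source decides the strength of the key.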