Reports about new security breaches and cyber attacks are almost a daily feature. However, the key revelation in the recent surveillance scandals was that "encryption works". Private company data and its availability are today's "gold" for every enterprise, and they should be protected at all times.
Reports on vulnerabilities and hacked systems are numerous and steadily increasing. The causes of successful cyberattacks are manifold. For many years, however, they have had nothing to do with shortcomings of standardized encryption algorithms. In addition, not one of the thousands of classified documents published so far by Edward Snowden shows any evidence that today's standardized encryption and authentication algorithms contain weaknesses or even backdoors.
Or, as Bruce Schneier, the internationally renowned security expert, put it:
The NSA has no magic: Encryption works!
For this reason, Securosys uses industry-standard algorithms for encryption and authentication and ensures that the necessary key material is based on true random data of adequate size. For example, the AES-256 encryption algorithm, which has been an international standard for more than fifteen years, has not been broken. This means that no attack is known that is much more efficient than the brute-force method, by which all possible keys are tried until the valid plaintext is found. This trial-and-error method succeeds on average after having tried $2^{255} = 5.8 \cdot 10^{76}$ keys, which would take, with present and foreseeable future technologies, longer than the supposed lifetime of the known universe.
This makes the key material involved all the more important. If only 56 of the 256 bits of an AES-256 key were actually selected at random, the time for a brute-force attack would be drastically reduced. On average, only $2^{55} = 3.6 \cdot 10^{16}$ operations would be necessary to find the right key. On today's hardware, such an attack could be carried out within a few minutes. Therefore, for key generation on the Primus HSM, Securosys utilizes real hardware-based random number generators. As such, maximum entropy of the key is guaranteed.
Critical to the strength of AES are true random keys. Securosys Primus HSM generates random keys from hardware-based true random number generators (TRNG) to guarantee maximum entropy.
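The gap between key length and key entropy described above can be checked directly. The following is an added example, not Securosys code: it assumes a hypothetical `weak_key` derivation that stretches a small seed into 256 bits, uses an HMAC-SHA256 check value as a stand-in for an AES known-plaintext check, and scales the page's 56-bit case down to 16 bits so it finishes in under a second.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 32  # 256-bit key, as for AES-256

def weak_key(seed: int) -> bytes:
    """Hypothetical flawed generator: 256 bits long, but only as random as its seed."""
    return hashlib.sha256(b"constructed-weak-kdf" + seed.to_bytes(8, "big")).digest()

def check_value(key: bytes) -> bytes:
    """Key check value over a fixed label (stand-in for an AES known-plaintext check)."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

def expected_tries(entropy_bits: int) -> int:
    """Average brute-force effort is half of the effective key space."""
    return 2 ** (entropy_bits - 1)

def search_seed_space(target: bytes, entropy_bits: int):
    """Enumerate every possible seed; return (seed, tries) or (None, tries)."""
    space = 2 ** entropy_bits
    for tries, seed in enumerate(range(space), start=1):
        if hmac.compare_digest(check_value(weak_key(seed)), target):
            return seed, tries
    return None, space

def audit(entropy_bits: int = 16) -> dict:
    """Compare a low-entropy 256-bit key with one drawn from the OS CSPRNG."""
    seed = secrets.randbelow(2 ** entropy_bits)
    weak = weak_key(seed)
    strong = secrets.token_bytes(KEY_BYTES)
    found, tries = search_seed_space(check_value(weak), entropy_bits)
    missed, _ = search_seed_space(check_value(strong), entropy_bits)
    return {
        "weak_key_bits": len(weak) * 8,       # still reports 256
        "weak_recovered": found == seed,      # recovered by seed enumeration
        "weak_tries": tries,
        "strong_recovered": missed is not None,
        "expected_tries": expected_tries(entropy_bits),
    }

if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name}: {value}")
    print("2^55  =", f"{expected_tries(56):.1e}")   # page's 56-bit case
    print("2^255 =", f"{expected_tries(256):.1e}")  # full AES-256 entropy
```

Both keys are 256 bits long; only the one whose bits all come from a cryptographic random source survives enumeration of the seed space.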