
I need to encrypt a few drives using Kaspersky Total Security. However, I noticed something peculiar: Kaspersky's description of their cipher is:

Data will be protected using AES-256 encryption with a 56-bit effective key length?

Does this mean that they are using the same key generator that AES-256 uses, but their key in reality isn't 256 bits long, but 56 bits instead?

J. Doe

3 Answers


It would appear that this is a consequence of the Wassenaar Arrangement (more detailed explanation). Basically, because cryptography falls under certain laws regarding munitions and arms trafficking, there are restrictions on the strength of the cryptography you are allowed to sell (if the product is not a mass market product). It would appear that the limit on key size for symmetric algorithms is 56 bits. The exact verbiage of the restriction is:

A "symmetric algorithm" employing a key length in excess of 56 bit

Source: Section 5. A. 2. a. 1. a (Page 87) of this document.

What I assume they do is something similar to zero-padding a 56-bit key of random bits to a length of 256 bits, so that the key is the correct size but the export restrictions are still met.

Edit: As otus points out, I neglected to mention that 56 bits is not a whole lot in regard to security. It's so small that EFF cracked a 56 bit DES key via brute force in 1998 with roughly $250,000 of custom hardware.

puzzlepalace

If the effective key length is 56 bits, that means you only have to enumerate 56 bits. It's not secure at all. From Wikipedia:

In February 1997, RSA Data Security ran a brute force competition with a $10,000 prize to demonstrate the weakness of 56-bit encryption; the contest was won four months later. In July 1998, a successful brute-force attack was demonstrated against 56-bit encryption with a single desktop computer in just 56 hours.

Computing power never stopped growing in the past 20 years, so it would be much faster today. You don't even need special hardware with readily available public clouds like AWS. The article is talking about DES, but AES is just as fast to enumerate, if not faster. Modern CPUs even have opcodes to speed up AES computation.

You can also assume it's insecure just because the law that @puzzlepalace mentioned exists. Crypto laws exist so no one can use something the lawmakers can't read. If the limit is 56 bits, then it's reasonable to assume whoever passed that law can crack at least 56 bits.

Another quote from Wikipedia:

The expectation seems to have been that this would further national interests in reading 'their' communications and prevent others from reading 'ours'. This policy was also adopted elsewhere for various reasons.

kichik

Short answer: Not enough.

The AES algorithm is defined in the FIPS standard with a key length of 128, 192 or 256 bits. So you cannot directly use a 56-bit key. One needs to have a key with the proper length to use the AES encryption algorithm.

Data will be protected using AES-256 encryption with a 56-bit effective key length

probably means that the key used for the encryption has been generated with an entropy of only 56 bits. One can imagine multiple ways to do such an operation: hashing a random buffer of 56 bits with a function, or taking 56 random bits and padding them to 256 with zeroes (or with any fixed, public, known value), or ...

In other words, the quoted sentence means that a brute force would take only $2^{56}$ operations, even though the key length is 256.

As of today AES-256 is considered secure (the best known attack has complexity of $2^{254}$), so one can consider that the effective strength of the encryption would be 56 bits.

From the "Public" column at the Keylength.com website one can remark that the required security level for symmetric encryption is (at present moment) at least 79 bits. Therefore an AES-256 with a 56-bit effective key length should not be considered as secure.

Reading this paper may prove useful to understand how long a 56-bit key would resist a brute-force attack.

ddddavidee
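Both puzzlepalace's and ddddavidee's answers describe the same construction: a 56-bit random value zero-padded into a 256-bit AES key. The following added Go example (not Kaspersky's code, and not from any of the answers) builds such a padded key and then shows, with a scaled-down 16-bit demo space so it finishes instantly, that the search space is bounded by the padded entropy rather than the nominal 256 bits; the zero-padding layout and the `demoBits` size are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// padKey expands a short secret carrying effectiveBits of entropy into a
// full 32-byte AES-256 key by zero-padding (assumed layout: the short value
// sits in the last 8 bytes, everything else is zero). AES itself sees a
// perfectly valid 256-bit key; only 2^effectiveBits of them can ever occur.
func padKey(short uint64, effectiveBits uint) []byte {
	key := make([]byte, 32)
	mask := uint64(1)<<effectiveBits - 1
	binary.BigEndian.PutUint64(key[24:], short&mask)
	return key
}

// encryptBlock encrypts a single 16-byte block with AES-256 under key.
func encryptBlock(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, plaintext)
	return out
}

// recoverKey walks the reduced space of 2^effectiveBits padded keys until one
// reproduces the known ciphertext block. It returns the recovered short value,
// the number of trials used, and whether a match was found.
func recoverKey(plaintext, ciphertext []byte, effectiveBits uint) (uint64, uint64, bool) {
	limit := uint64(1) << effectiveBits
	for cand := uint64(0); cand < limit; cand++ {
		if bytes.Equal(encryptBlock(padKey(cand, effectiveBits), plaintext), ciphertext) {
			return cand, cand + 1, true
		}
	}
	return 0, limit, false
}

func main() {
	const demoBits = 16 // scaled down from 56 so the demo runs in milliseconds
	secret := uint64(0xBEEF)
	pt := []byte("known plaintext!") // constructed 16-byte sample block
	ct := encryptBlock(padKey(secret, demoBits), pt)
	k, trials, ok := recoverKey(pt, ct, demoBits)
	fmt.Printf("recovered=%#x ok=%v after %d of at most %d trials\n", k, ok, trials, uint64(1)<<demoBits)
	fmt.Printf("with 56 effective bits the space is only %d keys, not 2^256\n", uint64(1)<<56)
}
```

The work is proportional to $2^{\text{effectiveBits}}$ regardless of the 256-bit key handed to the cipher, which is exactly why the answers treat the product's claim as 56-bit security.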