Linked by David Adams on Wed 17th Aug 2011 17:53 UTC, submitted by HAL2001
Privacy, Security, Encryption
Researchers have found a weakness in the AES algorithm. They managed to come up with a clever new attack that can recover the secret key four times easier than anticipated by experts. In the last decade, many researchers have tested the security of the AES algorithm, but no flaws were found so far. The new attack applies to all versions of AES even if it is used with a single key. The attack shows that finding the key of AES is four times easier than previously believed; in other words, AES-128 is more like AES-126.
Permalink for comment 485736
RE[7]: AES-254
by Lennie on Thu 18th Aug 2011 11:03 UTC in reply to "RE[6]: AES-254"
Lennie, member since 2007-09-22

What you have to remember is that encryption isn't perfect. It is just statistics. They talk about how likely it is your data can be decrypted.

Your data is only as safe as its key.

For example, if the random data which is used to generate your key is somewhat predictable, you have a big problem.

Because the range of keys that need to be tested gets reduced very quickly. It allows testing a whole lot fewer keys, thus the kind of guesses that will be done will be a lot more likely to be right.

Obviously the problem with guessing is, you can guess right the first time by accident (or in the first million or whatever a 'short' timeframe is).

So it is just statistics, it just says how large the key space is and thus how likely it is you can guess it.

Maybe a lottery is just a small keyspace, but people do win it. And pretty sure almost every day someone on this planet gets struck by lightning.

Certain hardware is also a lot more suitable than others.

A paper on GPGPU and AES in 2010 mentions: "A peak throughput rate of 8.28 Gbit/s is achieved"..."the GPU is 19.60 times faster than the CPU."...

And that was in 2010.

It is also possible to build hardware specifically for guessing keys and testing decryption.

People always say: well, my data isn't that important, no-one will take the time to create the hardware to break it.

But the people creating the hardware are not making the hardware to just break your key, they make it to break the most valuable key.

And if it works, they will start on the next key and improve on the design I'm sure.

Is there a government or company in the world that is already working on this? We don't know.

I'll shut up again.

Score: 2
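The two bits lost in the story compared with a key generated from predictable random data, as an added example that is not part of the original comment. The timestamp-seeded generator, the HMAC check value standing in for a trial decryption, the guess rate and all sample values are constructed assumptions.

```python
import hashlib, hmac, math, secrets

KNOWN = b"constructed known plaintext"  # sample value, not from the page

def key_from_seed(seed: int) -> bytes:
    """Weak pattern (assumed): a 128-bit key that depends only on a guessable seed."""
    return hashlib.sha256(seed.to_bytes(8, "big")).digest()[:16]

def check_value(key: bytes) -> bytes:
    """Stand-in for a trial decryption: only the right key reproduces this value."""
    return hmac.new(key, KNOWN, hashlib.sha256).digest()

def effective_bits(candidates: int) -> float:
    """Size of the space that actually has to be searched, in bits."""
    return math.log2(candidates)

def guesses_needed(target: bytes, first_seed: int, last_seed: int):
    """Audit helper: guesses until a seed in the window reproduces target, else None."""
    for n, seed in enumerate(range(first_seed, last_seed + 1), start=1):
        if hmac.compare_digest(check_value(key_from_seed(seed)), target):
            return n
    return None

def average_years(bits: float, guesses_per_second: float) -> float:
    """On average half of the key space is searched before the key turns up."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

DAY_START = 1313625600          # 2011-08-18 00:00:00 UTC
SEED = DAY_START + 39780        # 11:03 UTC that day, constructed example
RATE = 1e12                     # assumed guesses per second, illustrative only

if __name__ == "__main__":
    weak = check_value(key_from_seed(SEED))
    strong = check_value(secrets.token_bytes(16))   # OS CSPRNG, full 128 bits
    window = (DAY_START, DAY_START + 86399)
    print("AES-128 average years:", average_years(128, RATE))
    print("AES-126 average years:", average_years(126, RATE))
    print("one-day seed window bits:", round(effective_bits(86400), 1))
    print("guesses for seeded key:", guesses_needed(weak, *window))
    print("guesses for CSPRNG key:", guesses_needed(strong, *window))
```

Going from 128 to 126 bits divides the average search time by four and leaves it astronomically large, while a key that depends only on the second it was created leaves about 16 bits to search, whatever the cipher's nominal key length.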