Linked by David Adams on Wed 17th Aug 2011 17:53 UTC, submitted by HAL2001
Privacy, Security, Encryption
Researchers have found a weakness in the AES algorithm. They managed to come up with a clever new attack that can recover the secret key four times easier than anticipated by experts. In the last decade, many researchers have tested the security of the AES algorithm, but no flaws were found so far. The new attack applies to all versions of AES even if it is used with a single key. The attack shows that finding the key of AES is four times easier than previously believed; in other words, AES-128 is more like AES-126.
Thread beginning with comment 485636
RE[3]: AES-254
by Drumhellar on Wed 17th Aug 2011 22:51 UTC in reply to "RE[2]: AES-254"

With today's computer speeds it is simply impossible to brute force it

I'm a stickler for details, especially on anything relating to numbers. A brute force attack is not impossible; however, it is exceedingly unlikely.

Score: 2

RE[4]: AES-254
by galvanash on Wed 17th Aug 2011 22:58 in reply to "RE[3]: AES-254"

Ok, impossible might not be the right word. But "exceedingly unlikely" doesn't do it justice either...

This is a little tidbit from a paper I read a while back (it's a PDF - don't know where I got it from so I can't link to it)...

If you assume:

Every person on the planet owns 10 computers.

There are 7 billion people on the planet.

Each of these computers can test 1 billion key combinations per second.

On average, you can crack the key after testing 50 percent of the possibilities.

The earth’s population can crack one encryption key in 77,000,000,000,000,000,000,000,000 years.

That is a bit more than "exceedingly unlikely" ;)

Score: 3

RE[5]: AES-254
by Drumhellar on Wed 17th Aug 2011 23:26 in reply to "RE[4]: AES-254"

I don't think there are words that could convey the unlikelihood of such an event and still be accurate.

To my ears, nearly impossible has always sounded more likely than exceedingly unlikely.

Either way, impossible is demonstrably wrong.

Score: 2

RE[5]: AES-254
by reez on Wed 17th Aug 2011 23:57 in reply to "RE[4]: AES-254"

You know there are those Bitcoin folks with buildings brimmed with graphics cards. ;)

Think about quantum physics. It is also possible to just walk through a wall or slip through the earth, which in fact most of us are "trying" 24/7. I know, it is a lot more likely to find a key, but the problem is that people (meaning at least me) usually have a problem comprehending how (un)likely an event is. Just think about lotteries. People play because there is a chance, even though most of them know it is very unlikely. Walking through a wall is even free, still you'd be called insane if you tried, while nobody does when you take part in a lottery.

Score: 2

RE[5]: AES-254
by Slambert666 on Thu 18th Aug 2011 10:35 in reply to "RE[4]: AES-254"

The assumption is that the computing power stays constant.
If computer speed doubles every 18 months then the problem can be solved in 0.01 seconds 300 years from now, given the same amount of processing power, relatively. This is not taking into account algorithmic improvements.

Just like today we find historic ciphers like the Caesar cipher laughably easy to crack, the future will find AES256 easy to crack.

Score: 1