Linked by David Adams on Wed 17th Aug 2011 17:53 UTC, submitted by HAL2001
Privacy, Security, Encryption
Researchers have found a weakness in the AES algorithm. They managed to come up with a clever new attack that can recover the secret key four times easier than anticipated by experts. In the last decade, many researchers have tested the security of the AES algorithm, but no flaws were found so far. The new attack applies to all versions of AES even if it is used with a single key. The attack shows that finding the key of AES is four times easier than previously believed; in other words, AES-128 is more like AES-126.
Thread beginning with comment 485647
RE[5]: AES-254
by Drumhellar on Wed 17th Aug 2011 23:26 UTC in reply to "RE[4]: AES-254"
Drumhellar Member since:
2005-07-12

I don't think there are words that could convey the unlikelihood of such an event and still be accurate.

To my ears, nearly impossible has always sounded more likely than exceedingly unlikely.

Either way, impossible is demonstrably wrong.

Reply Parent Score: 2

RE[6]: AES-254
by Morgan on Thu 18th Aug 2011 00:00 in reply to "RE[5]: AES-254"
Morgan Member since:
2005-06-29

How about "impossible within the natural lifespan of all currently living humans and their great*10^18 offspring"? That's my take on it.

After all, I doubt any humans would be left alive 70 quadrillion years from now to care what the encrypted data was. Even if there were, the computer being used to crack it would likely disintegrate completely a few hundred million years into the process.

So, yeah, "impossible" is, for all intents and purposes, a practical description.


Edit: And yes, I know galvanash's white paper called for 77 septillion years, but I was attempting to stay within the lifespan of the universe, give or take an order of magnitude.

Edited 2011-08-18 00:04 UTC

Reply Parent Score: 2

RE[7]: AES-254
by umccullough on Thu 18th Aug 2011 05:53 in reply to "RE[6]: AES-254"
umccullough Member since:
2006-01-26

How about "impossible within the natural lifespan of all currently living humans and their great*10^18 offspring"? That's my take on it.


Actually, with a brute force attack, there's an (exceptionally) slim possibility that the first attempt will crack it.

That's the thing with a brute force attack, you don't necessarily have to go through the entire keyspace to break it, just until you actually find the answer ;)

That's what makes it extremely improbable vs. impossible.

Reply Parent Score: 5

RE[7]: AES-254
by Lennie on Thu 18th Aug 2011 11:03 in reply to "RE[6]: AES-254"
Lennie Member since:
2007-09-22

What you have to remember is that encryption isn't perfect. It is just statistics. They talk about how likely it is your data can be decrypted.

Your data is only as safe as its key.

For example, if the random data which is used to generate your key is somewhat predictable, you have a big problem.

Because the range of keys that needs to be tested gets reduced very quickly. It allows testing a whole lot fewer keys, so the guesses that get made will be a lot more likely to be right.

Obviously the problem with guessing is, you can guess right the first time by accident (or in the first million, or whatever a 'short' timeframe is).

So it is just statistics, it just says how large the key space is and thus how likely it is you can guess it.

Maybe a lottery is just a small keyspace, but people do win it. And I'm pretty sure almost every day someone on this planet gets struck by lightning.

Certain hardware is also a lot more suitable than others.

A paper on GPGPU and AES from 2010 mentions: "A peak throughput rate of 8.28 Gbit/s is achieved"..."the GPU is 19.60 times faster than the CPU."...

And that was in 2010.

It is also possible to build hardware specifically for guessing keys and testing decryption.

People always say: well, my data isn't that important, no-one will take the time to create the hardware to break it.

But the people creating the hardware are not making the hardware to just break your key, they make it to break the most valuable key.

And if it works, they will start on the next key and improve on the design I'm sure.

Is there a government or company in the world that is already working on this? We don't know.

I'll shut up again.

Reply Parent Score: 2
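A worked version of the "it is just statistics" argument in the comment above, added here as an example and not part of the thread. It turns a throughput figure into a guess rate, then computes worst-case, average-case and "probability of a lucky hit within a horizon" for the full keyspace, for the article's "four times easier" result modelled as two fewer effective key bits, and for a key derived from a low-entropy seed. Assumptions: one trial decryption per candidate key, the 8.28 Gbit/s GPU figure quoted in the comment as the device rate, and a 32-bit seed as a constructed example of a weak random source.

```python
from dataclasses import dataclass

SECONDS_PER_YEAR = 365 * 24 * 3600


def keys_per_second_from_throughput(bits_per_second: float, block_bits: int = 128) -> float:
    """Convert a cipher throughput figure into trial keys per second.

    Assumption: testing one candidate key costs one block decryption, so a
    device that processes N bits/s tries N/block_bits keys/s.
    """
    return bits_per_second / block_bits


@dataclass(frozen=True)
class BruteForceProfile:
    effective_bits: int          # key bits actually unknown to the attacker
    exhaust_years: float         # worst case: every key tried
    expected_years: float        # average case: half the keyspace
    p_success_in_horizon: float  # chance of a hit within the horizon


def brute_force_profile(key_bits: int, entropy_bits: int,
                        keys_per_second: float, horizon_years: float) -> BruteForceProfile:
    # A key derived from low-entropy randomness has only as many "real" bits
    # as its source had: the attacker enumerates seeds, not keys.
    effective_bits = min(key_bits, entropy_bits)
    keyspace = 2 ** effective_bits
    exhaust_seconds = keyspace / keys_per_second
    # The right key is equally likely to be any of them and each wrong guess
    # rules one out, so success within k tries has probability k / keyspace.
    tries = keys_per_second * horizon_years * SECONDS_PER_YEAR
    p_success = min(1.0, tries / keyspace)
    return BruteForceProfile(
        effective_bits=effective_bits,
        exhaust_years=exhaust_seconds / SECONDS_PER_YEAR,
        expected_years=exhaust_seconds / 2 / SECONDS_PER_YEAR,
        p_success_in_horizon=p_success,
    )


if __name__ == "__main__":
    # Constructed scenario: a single GPU at the 8.28 Gbit/s quoted above.
    gpu_rate = keys_per_second_from_throughput(8.28e9)
    for label, key_bits, entropy_bits in [
        ("AES-128, good RNG", 128, 128),
        ("AES-128 at AES-126 strength (4x less work)", 128, 126),
        ("AES-128 keyed from a 32-bit seed", 128, 32),
    ]:
        p = brute_force_profile(key_bits, entropy_bits, gpu_rate, horizon_years=100)
        print(f"{label}: expected {p.expected_years:.3e} years, "
              f"P(hit within 100 years) = {p.p_success_in_horizon:.3e}")
```

The third scenario is the one to watch for in practice: the cipher is unchanged, but a weak seed collapses the search from astronomically long to about a minute on one GPU.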

RE[6]: AES-254
by rirmak on Fri 19th Aug 2011 18:02 in reply to "RE[5]: AES-254"
rirmak Member since:
2009-06-23

Either way, impossible is demonstrably wrong.


This must be the most autistic sample of pedantry I've encountered since early April.

Oh, and for your arguing style you also have a raspberry from me in ;) semantics, as "demonstrably" may be the lamest excuse for a technicality this month (infantile hypercorrection).

Reply Parent Score: 1