Linked by David Adams on Wed 17th Aug 2011 17:53 UTC, submitted by HAL2001
Researchers have found a weakness in the AES algorithm. They managed to come up with a clever new attack that can recover the secret key four times easier than anticipated by experts. In the last decade, many researchers have tested the security of the AES algorithm, but no flaws were found so far. The new attack applies to all versions of AES even if it is used with a single key. The attack shows that finding the key of AES is four times easier than previously believed; in other words, AES-128 is more like AES-126.
Thread beginning with comment 485767
theoretical vs practical encryption
by unclefester on Thu 18th Aug 2011 13:56 UTC

Member since:
2007-01-13

There is theoretical encryption and practical encryption. In reality good enough is more than adequate.

a) No one will even attempt to crack even basic encryption unless there is a relatively big incentive for doing so, e.g. to solve a major crime or obtain important military secrets.

b) Most encrypted data is only useful for a short period. This may be a few days for a terrorist bomb plot or a few years for top secret aircraft design. Virtually no secret is likely to be worth anything in 100 years.

If the effort to crack the encryption exceeds the potential value of the data then it is automatically secure. This is regardless of the actual strength of the algorithm. The CIA isn't going to spend 20 years and billions of dollars to see if there is some porn hidden on John Doe's laptop.

Member since:
2011-01-28

unclefester,

Late reply, sorry but I've been away.

A lot of posts seem to assume that a brute force approach can only attack a single key at a time. But as far as we know there may be ways of combining the effort to simultaneously brute force many AES keys with no/little extra cost.

As a simple example: finding prime numbers individually is (relatively) slow, but there are practical sieve algorithms which can test many thousands of candidates in one swoop.

Therefore the underlying assumption in the following quote (for example) may be false.

"If the effort to crack the encryption exceeds the potential value of the data then it is automatically secure. This is regardless of the actual strength of the algorithm. The CIA isn't going to spend 20 years and billions of dollars to see if there is some porn hidden on John Doe's laptop."

Continuing with the fictitious numbers above, and assuming that all AES keys can be broken in parallel, then the CIA may very well find it worthwhile to spend billions of dollars (just a dent in military spending anyways) to reverse all keys of interest.

I'm not trying to make any assertions here that AES cracking is feasible, but we shouldn't assume that cracking K keys takes K times more resources than cracking a single key.

Reply Parent Score: 2
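
The reply's point that searching for K keys need not cost K times one search can be shown on a toy cipher. This is an added example, not part of either post: `toy_encrypt` is a keyed hash standing in for a block cipher (it is not AES), the 16-bit keyspace is chosen so the sweep finishes quickly, and it assumes every target encrypted the same known plaintext block.

```python
import hashlib
import random

KEY_BITS = 16  # toy keyspace (assumption); AES keys are 128 bits or more
KNOWN_PLAINTEXT = b"constructed known plaintext"  # constructed sample input

def toy_encrypt(key: int, plaintext: bytes) -> bytes:
    """Stand-in for a block cipher: a truncated keyed hash, NOT AES."""
    return hashlib.sha256(key.to_bytes(4, "big") + plaintext).digest()[:8]

def search_one_at_a_time(targets):
    """Independent exhaustive search per target: cost grows linearly with K."""
    trials, found = 0, {}
    for ct in targets:
        for key in range(2 ** KEY_BITS):
            trials += 1
            if toy_encrypt(key, KNOWN_PLAINTEXT) == ct:
                found[ct] = key
                break
    return found, trials

def search_batched(targets):
    """One sweep of the keyspace: each trial is checked against all K targets."""
    wanted, trials, found = set(targets), 0, {}
    for key in range(2 ** KEY_BITS):
        trials += 1
        ct = toy_encrypt(key, KNOWN_PLAINTEXT)
        if ct in wanted:  # constant-time set lookup, independent of K
            found[ct] = key
            if len(found) == len(wanted):
                break
    return found, trials

def demo(k=16, seed=2011):
    """Build k constructed targets and count trial encryptions for both searches."""
    rng = random.Random(seed)
    keys = rng.sample(range(2 ** KEY_BITS), k)
    targets = [toy_encrypt(key, KNOWN_PLAINTEXT) for key in keys]
    single, single_trials = search_one_at_a_time(targets)
    batch, batch_trials = search_batched(targets)
    return keys, targets, single, single_trials, batch, batch_trials

if __name__ == "__main__":
    keys, _, _, single_trials, _, batch_trials = demo()
    print(f"{len(keys)} keys: one-at-a-time {single_trials} trials, "
          f"batched {batch_trials} trials")
```

The batched sweep never exceeds one pass over the keyspace no matter how many targets there are, but only because all targets share the same known plaintext; when each ciphertext depends on a per-message value such as a unique IV, a single trial encryption can no longer be compared against every target.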