Feeds

New AES crypto standard broken already?

Depends who you ask

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Theoretical attacks against AES (Advanced Encryption Standard) winner Rijndael and runner-up Serpent have been published. They might work in the practical world; they might not. That's about all we can say from the latest edition of Bruce Schneier's CryptoGram newsletter, which seeks to simplify the issues discovered by researchers Nicolas Courtois and Josef Pieprzyk, and elaborated in a paper entitled "Cryptanalysis of Block Ciphers with Overdefined Systems of Equations".

Now while this represents an interesting bit of research, it does not mean that AES has been or even can be cracked in the real world. The work is theoretical and needs to be reviewed by others; and even if it's confirmed in theory and partially confirmed empirically, it may never be possible to exploit it.

"You can try the attack on simplified versions of the cipher -- fewer rounds, smaller block size -- but you can never be sure the attack scales as predicted," Schneier points out.

That said, it's ironic that Serpent, which touts itself as more secure than Rijndael (though slower), appears at least for now to be more vulnerable in this case. And while there's no immediate problem for either cipher, we may find that AES' functional life-expectancy is considerably shorter than originally hoped (something like a century).

"If the attack really works, it can only get better. My fear is that we could see optimizations of the XSL attack breaking AES with a 2^80-ish complexity, in which case things starts to get dicey about ten years from now," Schneier reckons.

That's bad news for those who might require that an encrypted object remain impractical to decrypt for several decades. Some businesses perhaps, and certainly some government and military agencies do need very long-lasting and very strong levels of communications and data security. What we're seeing here is another example proving that asking for one-shot solutions is asking too much. We've said it before and we'll say it again: there's no substitute for a holistic approach to security and privacy in which no single component is ever fully trusted. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.