AfterDawn: Tech news

Cryptographers can break AES faster with new method

Written by James Delahunty (Google+) @ 19 Aug 2011 9:18 User comments (7)

Cryptographers can break AES faster with new method Widespread encryption system could be broken faster than brute-force.
The Advanced Encryption Scheme (AES) is used to protect everything from e-commerce to government data. AES is the encryption standard of choice for the United States government since 2001, when the it took over from the Digital Encryption Standard (DES).

A paper presented at the Crypto 2011 conference on Wednesday detailed a new technique for attacking the encryption standard. It would allow an attacker to recover AES secret keys up to five times faster than was previously possible, using a technique called biclique cryptanalysis.

"This research is groundbreaking because it is the first method of breaking single-key AES that is (slightly) faster than brute force," said Nate Lawson, a cryptographer and the principal of security consultancy Root Labs. "However, it doesn't compromise AES in any practical way."

By practical way, he means that the method will only do a slightly better job than brute force, and so would still take an unfathomable amount of time - in the trillions of years - to break it.

"This technique is a divide-and-conquer attack. To find an unknown key, they partition all the possible keys into a set of groups. This is possible because AES subkeys only have small differences between rounds," Lawson said. "They can then perform a smaller search for the full key because they can reuse partial bits of the key in later phases of the computation. It's impressive work but there's no better cipher to use than AES for now."

Tags: encryption AES
Previous Next  

7 user comments

119.8.2011 21:47

No worries...I knew that AES cracking would get faster if only because of faster computers...but there is still no way I have seen that my password could be cracked before I die of old age.



220.8.2011 0:14

Oh, now it will only take a few trillion years. The title of this article made me jump a bit.

320.8.2011 0:16

Never underestimate hackers, people have been getting burned by this for years. With access to 1000 computers, they could crack a lot faster, bot-net anyone? Even leased time on one of the massive parellel systems would speed things up. It only becomes a major concern when it becomes worth the effort and expense, or a government wants to throw money away.

420.8.2011 5:37

Just for giggles...let's imagine that there was a hacker that built a botnet with 100,000 computers...and that every one of those computers was a supercomputer as fast as the world's most powerful supercomputer. Maybe he could crack my password in only a few decades, but why would he want to? Surely such a hacker could think of something better to do with his botnet?

Also, I don't think my password would be of much use in 30-80 years, as I change it every 6 months or less.

This message has been edited since its posting. Latest edit was made on 20 Aug 2011 @ 5:38


520.8.2011 8:46

I agree completely, it's not worth the time or effort, as is the case with most people's information.

The problem isn't necessarily one of the password changing, if that encryption is protecting a file with a list of bank accounts, for example, how long is that data valid. There is no perfect encryption and while it is unlikely, someone could come up with a quick way to crack the encryption at any time. Things like this happen, especially when Governments devote massive amounts of resources to a task. At some point, all encryption becomes less secure and anything encrypeted is vulnerable if it is still out there. My point is that nothing anyone can access is totally secure regardless of the encryption and assuming it is would be asking for trouble.

I look at it like what DNA has done to crime. There are thousands of unsolved cases all over the country that have been solved because the police kept evidence, DNA was recovered and matched to someone. It has also exonerated many people wrongfully convicted, but people who thought they got away woke up to a surprise one day.

Yes it is unlikely, but to think it can;t change overnight is foolishness. It happens all the time.

621.8.2011 20:33
llongtheD
Inactive

Originally posted by KillerBug:
Just for giggles...let's imagine that there was a hacker that built a botnet with 100,000 computers...and that every one of those computers was a supercomputer as fast as the world's most powerful supercomputer. Maybe he could crack my password in only a few decades, but why would he want to? Surely such a hacker could think of something better to do with his botnet?

Also, I don't think my password would be of much use in 30-80 years, as I change it every 6 months or less.
So your machine is unhackable, or just your password?
This message has been edited since its posting. Latest edit was made on 21 Aug 2011 @ 20:40

If your fish seems sick, put it back in the water.

726.12.2011 8:12
Happinesse
Unverified new user

Some people can read AES encrypted information like it isnt ciphered.
I dont mean the actual people : )

Comments have been disabled for this article.

News archive