Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Encryption Security Technology

New AES Attack Documented 236

Posted by timothy from the ponder-don't-panic dept.
avxo writes "Bruce Schneier covers a new cryptanalytic related-key attack on AES that is better than brute force with a complexity of 2^119. According to an e-mail by the authors: 'We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2^119 to about 2^110.5 data and time. We believe that these results may shed a new light on the design of the key-schedules of block ciphers, but they pose no immediate threat for the real world applications that use AES.'"
This discussion has been archived. No new comments can be posted.

New AES Attack Documented More

New AES Attack Documented

Comments Filter:

  • Yawn (Score:3, Insightful)

    by Shikaku ( 1129753 ) on Wednesday July 01, 2009 @05:56PM (#28550501)

    So instead of taking 1 million years to brute force, it will take .9 million years?

    I totally made up those numbers but that's about the difference.

  • Re:Complexity (Score:3, Insightful)

    by Anonymous Coward on Wednesday July 01, 2009 @06:03PM (#28550601)

    I believe the complexity is a rough measure of how long it should take to break the code. So in this case, a reduction from 2^119 to 2^110.5 is approximately 360 times faster (that is, a 2^119 complexity attack takes 360 times as long as a 2^110.5 complexity attack).

  • Quantum Computers (Score:3, Insightful)

    by religious freak ( 1005821 ) on Wednesday July 01, 2009 @06:05PM (#28550643)
    Yeah, this is interesting math, but I don't think our cryptographic scheme is in danger until quantum computers become a stable and reliable source of heavy computing. Then we're all in trouble. How do you create a key, when the entire large number method is made obsolete by quantum computing? I haven't looked into it much, but I don't think anyone has found an answer yet.

    To my knowledge quantum cryptography is still limited to very close distances, while cracking a crypto key is obviously not affected by this limitation.

  • Re:Complexity. (Score:5, Insightful)

    by cpu_fusion ( 705735 ) on Wednesday July 01, 2009 @06:11PM (#28550725)

    Pardon me, but isn't the article about AES-256? So this is a much more significant drop in the number of bits.

    Of course, I've only read the summary. This is slashdot, natch.

  • Re:Complexity. (Score:2, Insightful)

    by xZgf6xHx2uhoAj9D ( 1160707 ) on Wednesday July 01, 2009 @06:13PM (#28550761)
    Oh dear, you're absolutely right. This is about AES-256. That's quite a significant attack indeed (though still not enough to make it practical).

  • Re:Quantum Computers (Score:3, Insightful)

    by JambisJubilee ( 784493 ) on Wednesday July 01, 2009 @06:18PM (#28550825)
    You are not in the shit. Secure communication can be established on an insecure channel using quantum cryptography. Look it up on Wikipedia.

  • Re:Furthers my stand on crypto, which is: DON'T (Score:5, Insightful)

    by droopycom ( 470921 ) on Wednesday July 01, 2009 @06:51PM (#28551249)

    Refutation: Crypto is indeed all about WHEN. WHEN is not pointless, it is the point.

  • Re:Complexity (Score:3, Insightful)

    by man_of_mr_e ( 217855 ) on Wednesday July 01, 2009 @09:41PM (#28552839)

    Unless of course you start in the middle and expand outwards in both directions ;)

  • Re:Quantum Computers (Score:2, Insightful)

    by mathimus1863 ( 1120437 ) on Wednesday July 01, 2009 @09:42PM (#28552847)
    I probably should've linked to my post about Quantum Computing [slashdot.org] from yesterday.

    The power of Quantum Computers is in getting really smart people to figure out how to take advantage of quantum interference to our benefit. There have been some really impressive results for a variety of pure-math problems that only a few people care about. But integer factorization and discrete-logarithms are among them - hence why QCs threaten most/all asymmetric encryption protocols (they're all based on one or both of those problems). However, for a vast array of problems, QCs won't offer us any computational improvement.

    There are some improvements for more-practical algorithms, but the speed-up isn't usually as impressive. However, using Grover's algorithm to reduce a pure guessing problem from O(n) to O(sqrt(n)) is intriguing, to say the least.

  • Re:Complexity. (Score:3, Insightful)

    by nine-times ( 778537 ) <nine.times@gmail.com> on Wednesday July 01, 2009 @10:06PM (#28553047) Homepage
    You can make fun of me anyway. It's a dumb mistake to make.

  • Re:Yawn (Score:3, Insightful)

    by Eivind ( 15695 ) <eivindorama@gmail.com> on Thursday July 02, 2009 @01:15AM (#28554065) Homepage

    http://valerieaurora.org/hash.html [valerieaurora.org]
    Pay special attention to the reaction of the "slashdotter" to "minor weakness found", and compare it to your reaction.
    Remember, attacks always gets better, never worse. The first attack that weakens an algorithm *is* a big deal.

    Oh, and reducing complexity from 2^128 to 2^110 isn't as it may appear a reduction of 10% in time-to-break, infact it's a reduction of 2^18 or about a factor of a million, so it's more like if before it took a million years, now it takes ONE year. Luckily for you, AES256 was at a lot more than a million years before the break, so there's still some air left in it.

Slashdot Top Deals

It's great to be smart 'cause then you know stuff.

Close