MIT Research: Encryption Less Secure Than We Thought
A group of researchers from MIT and the University of Ireland has presented a paper (PDF) showing that one of the most important assumptions behind cryptographic security is wrong. As a result, certain encryption-breaking methods will work better than previously thought.
"The problem, Médard explains, is that information-theoretic analyses of secure systems have generally used the wrong notion of entropy. They relied on so-called Shannon entropy, named after the founder of information theory, Claude Shannon, who taught at MIT from 1956 to 1978. Shannon entropy is based on the average probability that a given string of bits will occur in a particular type of digital file. In a general-purpose communications system, that’s the right type of entropy to use, because the characteristics of the data traffic will quickly converge to the statistical averages. ... But in cryptography, the real concern isn't with the average case but with the worst case. A codebreaker needs only one reliable correlation between the encrypted and unencrypted versions of a file in order to begin to deduce further correlations. ... In the years since Shannon’s paper, information theorists have developed other notions of entropy, some of which give greater weight to improbable outcomes. Those, it turns out, offer a more accurate picture of the problem of codebreaking. When Médard, Duffy and their students used these alternate measures of entropy, they found that slight deviations from perfect uniformity in source files, which seemed trivial in the light of Shannon entropy, suddenly loomed much larger. The upshot is that a computer turned loose to simply guess correlations between the encrypted and unencrypted versions of a file would make headway much faster than previously expected. 'It’s still exponentially hard, but it’s exponentially easier than we thought,' Duffy says."
What does this have to do with Computors? (Score:5, Funny)
I thought this was News for Nerds, but instead we are reading about Math, which is some kind of religion, and I am an Atheist.
Just Great (Score:5, Funny)
Just great. Now, instead of 100 quintillion years, it's only going to take 100 trillion years to decrypt my porn.
Re:Just Great (Score:4, Funny)
I have changed my key from '1234' to '123456' to mitigate this...
That's why you shouldn't use plain text (Score:5, Funny)
Re:Interesting times (Score:4, Funny)
There, there - They're there.
Re:Huh? (Score:5, Funny)
Also, I think there is a theorem about modern crypto systems that says if you can guess one bit, the rest doesn't get any easier.
Nah, once you guess one bit, the only bit left is zero.
Re:good news for NSA (Score:5, Funny)
Re:good news for NSA (Score:5, Funny)
When the NSA tried to sneak a back door into an optional random number generator specified in a recent NIST specification, they were almost immediately caught by academics. http://en.wikipedia.org/wiki/Dual_EC_DRBG
They probably should have taken lessons from Xerox if they wanted to embed random numbers in documents.
Disregard... (Score:2, Funny)
Any sentence that starts with, "What if it is we..."
Re:good news for NSA (Score:5, Funny)
Um... Zeno died of an arrow wound trying to prove that.
"I used to believe in an infinitely divisible universe like you,
then I took an arrow in the knee."
- Zeno
Re:That's why you shouldn't use plain text (Score:4, Funny)