AES encryption vulnerable to attack

The place for what's new and going on in the tech, innovation, and science world.
Post Reply
User avatar
Egaladeist
I am the Eg man : Coo Coo Ca Choo
Posts: 18896
Joined: Sun Dec 25, 2005 1:02 am
Location: Canada

AES encryption vulnerable to attack

Post: # 137772Post Egaladeist
Tue Aug 23, 2011 5:29 pm

Researchers from Microsoft and the Katholieke Universiteit Leuven have discovered a way to break the widely used Advanced Encryption Standard (AES), the encryption algorithm used to secure most all online transactions and wireless communications.

The attack can recover an AES secret key three to five times faster than previously thought possible, reported the Katholieke Universiteit Leuven, a research university based in Belgium.

The researchers caution that the attack is complex in nature, and so cannot be easily carried out using existing technologies. In practice, the methodology used by the researchers would take billions of years of computer time to break the AES algorithm, they noted.
With this work, the "safety margin" of AES continues to erode, noted security expert Bruce Schneier. "Attacks always get better; they never get worse," he wrote, quoting an expert from the National Security Agency.

Though unwieldy to execute, the attack can be applied to all versions of AES.
http://www.techcentral.ie/article.aspx?id=17280



User avatar
SirDice
I've posted HOW many
Posts: 4196
Joined: Mon May 15, 2006 9:59 am
Are you a Spammer: No
Location: Netherlands

Re: AES encryption vulnerable to attack

Post: # 137784Post SirDice
Wed Aug 24, 2011 7:34 am

Even though the keyspace will be drastically reduced it will still take a couple of million years to crack it.

Your data is still safe ;)
Oliver's Law:
Experience is something you don't get until just after you need it.

User avatar
Egaladeist
I am the Eg man : Coo Coo Ca Choo
Posts: 18896
Joined: Sun Dec 25, 2005 1:02 am
Location: Canada

Re: AES encryption vulnerable to attack

Post: # 137785Post Egaladeist
Wed Aug 24, 2011 10:19 am

If all the banks/businesses are on this Advanced Encryption Standard (AES), then how do some banks/businesses get compromised?

User avatar
SirDice
I've posted HOW many
Posts: 4196
Joined: Mon May 15, 2006 9:59 am
Are you a Spammer: No
Location: Netherlands

Re: AES encryption vulnerable to attack

Post: # 137786Post SirDice
Wed Aug 24, 2011 10:23 am

Because they're stupid enough to think that just a username/password combination is good enough to protect your bank account.

There's no Dutch bank that does this, they all use two-factor authentication. American banks however are a completely different story.
Oliver's Law:
Experience is something you don't get until just after you need it.

User avatar
Aspman
Frustrated Mad Scientist
Posts: 8864
Joined: Mon Jan 09, 2006 10:07 am
Location: Scotland

Re: AES encryption vulnerable to attack

Post: # 137795Post Aspman
Thu Aug 25, 2011 10:02 am

SirDice wrote:Because they're stupid enough to think that just a username/password combination is good enough to protect your bank account.

There's no Dutch bank that does this, they all use two-factor authentication. American banks however are a completely different story.
And the UK. No 2FA here unless it's being sold as and extra.
"Man will never be free until the last king is strangled with the entrails of the last priest."
- Denis Diderot (1713-1784)

User avatar
Egaladeist
I am the Eg man : Coo Coo Ca Choo
Posts: 18896
Joined: Sun Dec 25, 2005 1:02 am
Location: Canada

Re: AES encryption vulnerable to attack

Post: # 137799Post Egaladeist
Thu Aug 25, 2011 12:32 pm

I thought anything was ( reasonably ) penetrable given the right knowledge, tools, and ' preferably ' physical access?

If this Advanced Encryption Standard (AES) is so impenetrable that it would take millions of years to crack...why isn't it ' standard ' on every computer in every circumstance? Why doesn't it come ' standard ' like a DVD player and a graphics card when you purchase a computer?

I'm assuming...that AES is just encrypting passwords, and isn't a lot more complicated than that.

User avatar
SirDice
I've posted HOW many
Posts: 4196
Joined: Mon May 15, 2006 9:59 am
Are you a Spammer: No
Location: Netherlands

Re: AES encryption vulnerable to attack

Post: # 137801Post SirDice
Thu Aug 25, 2011 1:38 pm

Egaladeist wrote:I thought anything was ( reasonably ) penetrable given the right knowledge, tools, and ' preferably ' physical access?
True but it's a lot harder when you also have to crack hardware keys like we have here. They're basically code generators, you stick your bankcard in them, type your pincode. The website will offer a challenge, that challenge needs to be typed in on the 'calculator' and it will give a response. It's this response that will give you access. The challenge/response mechanism works really well and is pretty hard to beat. Not impossible but highly impractical.
If this Advanced Encryption Standard (AES) is so impenetrable that it would take millions of years to crack...why isn't it ' standard ' on every computer in every circumstance? Why doesn't it come ' standard ' like a DVD player and a graphics card when you purchase a computer?
Because data needs to be unencrypted or you won't be able to use it. If I'm not mistaken Windows Bitlocker uses it. It's not standard on all versions of Windows but on the professional ones it is.
I'm assuming...that AES is just encrypting passwords, and isn't a lot more complicated than that.
It can be used to encrypt pretty much everything, including passwords. Passwords are usually stored as a hash though. Hashes aren't 'reversible' while encryption is.
Oliver's Law:
Experience is something you don't get until just after you need it.

User avatar
Aspman
Frustrated Mad Scientist
Posts: 8864
Joined: Mon Jan 09, 2006 10:07 am
Location: Scotland

Re: AES encryption vulnerable to attack

Post: # 137805Post Aspman
Fri Aug 26, 2011 10:33 am

There will always be a problem with the nut between the keyboard and the screen
"Man will never be free until the last king is strangled with the entrails of the last priest."
- Denis Diderot (1713-1784)

User avatar
keezel
Jedi Bastard
Posts: 477
Joined: Sat Jun 17, 2006 2:56 am
Location: Atlanta

Re: AES encryption vulnerable to attack

Post: # 137847Post keezel
Wed Aug 31, 2011 1:40 pm

Aspman wrote:There will always be a problem with the nut between the keyboard and the screen
PEBCAK - problem exists between chair and keyboard :D
Only amateurs attack machines; professionals target people. Bruce Schneier

User avatar
Aspman
Frustrated Mad Scientist
Posts: 8864
Joined: Mon Jan 09, 2006 10:07 am
Location: Scotland

Re: AES encryption vulnerable to attack

Post: # 137849Post Aspman
Wed Aug 31, 2011 2:26 pm

Issues with Layer 8 in the stack
"Man will never be free until the last king is strangled with the entrails of the last priest."
- Denis Diderot (1713-1784)

Post Reply