
Smokey's Security Forums

Topic: Practical AES attacks get closer (Read 412 times)

Peaches (topic starter)
Practical AES attacks get closer
« Reply #1 on: August 02, 2009, 07:04:30 AM »
Practical AES attacks get closer

Cryptologists have now developed even more sophisticated attacks on AES encryption systems. According to crypto expert Bruce Schneier, a team consisting of Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich and Adi Shamir has managed to crack reduced versions of AES-256 in a practical length of time. Attacking nine-round AES-256 required 2^39 time, which is even feasible with an ordinary PC, while ten-round would require 2^45. The time required for eleven rounds, however, is just above practicality at 2^70. The attack exploits a vulnerability in the key schedule, a function AES-256 uses to derive sub-keys from the main key.

While the new attacks represent major progress in the cryptanalysis of AES, they are still irrelevant for attacks against real-world AES implementations and this is not only because of the reduced number of rounds (by default, AES-256 uses 14 rounds). Also, the attack is a related-key attack, which means that the attacker must have access to the plaintext of several units of ciphertext encrypted with keys that are related in a specific way. Such scenarios can theoretically only be found, for example, in hard disk encryption and network protocols, where the individual block keys are generated in such a weak way.

That the new methods are completely ineffective, or nearly so, when attacking AES-128, which has the shortest keys, seems, at first glance, contradictory. The reason: Long keys provide a bigger target, that is, more bits, for the cryptologists to establish mathematical relationships. To maintain the integrity of AES encryption, Schneier suggests increasing the number of rounds before the first practical attacks reach the number of rounds used by standard AES: from ten to 16 for AES-128, from twelve to 20 for AES-192, and from 14 to 28 for AES-256. However, this considerably slows down the encryption process. A simpler solution is to AES-encrypt data twice with the same key, which halves the speed while effectively also doubling the number of rounds.

See also:

"Luxembourg attacks" on AES encryption, a report from The H.
(crve)

Heise security - http://www.h-online.com/security/Practical-AES-attacks-get-closer--/news/113902

 
