AES Announced as Federal Standard
chekhov writes: "Today NIST has finally announced AES (Advanced Encryption Standard) as a Federal Standard after 4 years of development. See the press release. AES is the replacement of DES and is expected to be used in financial systems and secure networks for up to 20 years. More information on the AES homepage."
In 20 years when the encryption is broken, will we then find out what "Rijndael" really means?
Weeks of coding saves hours of planning.
AES is Rijndael (i.e., the name of the cipher selected as AES is "Rijndael").
Find out all about it (including how to say it ;-) here and here
Tales from behind the Lagom Curtain
Hmmm.. Who broke the German Enigma during WWII, US or England/Poland ? :-)
There's a big ambiguity that I couldn't really sort out while reading these web pages: Is this an Open standard or a Commercial standard ?
Will I have to pay royalties if I intend to write AES-compliant programs then sell related services?
I actually read in the facts page that the "public" helped building the algorithm and specs but in which way is that AES thing public?
Trolling using another account since 2005.
Interesting that the US government was busy asking people to try to crack an encryption standard, while at the same time upholding a law to make breaking encryption illegal.
So, now that this encryption method is officially accepted, will it be illegal to try to crack it?
Poland got there first, but when the Germans invaded they completely ran out of resources and handed all their research over to England. A lot of work further down the line, and we (I'm English) were breaking the 3 wheel standard Enigma within hours of getting the first encrypted transmissions, thanks to Turing's 'bombes' (electro-mechanical decrypting devices).
However, when it came to the German naval Enigma, the 4 wheel version, we ground to a halt. We didn't have the resources to build enough hardware to break the crypts within any time that the info would have helped. So we called in the US to help build more gear.. It was a big team effort.
Note however, that the 3rd Reich trusted Enigma utterly. They fell into the trap of thinking they were completely secure, and that was the downfall of Enigma, as it would be of any trusted encryption. Encryption by definition is breakable in a certain length of time. The problem with Enigma was that there were backdoors, such as the fact it never encrypted any letter as itself. The security of AES is currently being hailed as the fact it has a key field 10 to the 21 times larger than 56-bit DES. Great. Only an idiot would try to brute force it though, so the number of keys is somewhat arbitrary.
http://twitter.com/onion2k
One of the perks of cryptography seems to be the chance to make up words for big numbers! 1 undecillion = 10^36
10^3 = Thousand
10^6 = Million
10^9 = Billion
10^12 = Trillion
10^15 = Zillion(?)
...
I seem to remember Douglas Adams invented a 'grillion' but don't know how big that was supposed to be
personally I am a fan of Serpent (Ross Anderson's work) because I understand it and after some conversations with people who know both I think it's better than AES
the sooner AES is used widely the better though
regards
john 'keys ? no sir I forget things' jones
Your better bet is to work out how to solve NP hard problems (or any one) and map it back to the crypto algorithm. But of course you'll be able to do that easily once IBM releases its first quantum computer....
I found several notes on the openssl users list which seem to indicate that AES/Rijndael support will be available in OpenSSL 0.9.7. This has not been released yet, but is reportedly available in the CVS area.
The AES has selected the variable key lengths of 128, 192, 256 to be used with a 128-bit block
BouncyCastle has had a full implementation of Rijndael since 1.0 beta 4 (now at 1.10)
Disclaimer: I'm a BouncyCastle author.
The security of AES is currently being hailed as the fact it has a key field 10 to the 21 times larger than 56bit DES. Great. Only an idiot would try to brute force it though, so the number of keys is somewhat arbitrary.
Key length is, of course, vitally important. Understand the Rijndael spec. before you continue your speculation. Also, many "idiots" try to brute force it. Effort required to force a key is proportional to the cipher's weakness.
Less generally, by employing lack of symmetry and a non-linear layer in the cipher, AES pretty much guarantees that you'll simply be searching the key-space at random. If you can come up with a way to do better than a brute force, you should quit your current job.
The 2^255 Rijndael iterations required to force a 32 byte key is certainly sufficiently secure by today's standards, but historically consistent increases in computing power coupled with increased distributed processing ability due to networked computer proliferation means that keys will have to keep growing to stay reasonably secure.
In addition, AES may have problems we don't even know yet. DES turned out not to require brute forcing.
...developing it, when you can ROT-13 anything and slap anyone who decodes with a copy of the DMCA? :P
If I read this correctly, terrorist cells qualify as "other organizations". I couldn't find any mention of export limitations, civilian key strength limitations, or bans on use by criminal organizations.
This really is no big deal. There are many high-quality hard crypto techniques around. If al-Qaeda really want strong crypto they can just FTP it from ssh.com like anyone else. Or PGP. Or OpenBSD.
But historically, they have relied on codes (as opposed to cyphers), trusted intermediaries and one time pads.
Here's a free clue for you: terrorists and other criminals, by definition, don't obey laws. So what if there's a "civilian key strength limitation" when you can download the source, change a #define and type make. So what if there's a ban, that's trivial to people who destroy skyscrapers just to make a point. So what if the algorithm is a secret, the US govt. doesn't have a monopoly on talented mathematicians.
This genie is already out of the bottle. Trying to put it back will only help the terrorists by disrupting and harming the commercial interests of the West further.
<rant>
The Feds never really had a chance of keeping crypto out of the hands of anyone, but they were too stupid to realize it, too busy banning metal cutlery in airports and nonsense like that. I am English, have you ever tried to eat a proper English breakfast with plastic cutlery?!
</rant>
RFC2440, which defines the OpenPGP standard, already reserves 3 AES key sizes (128, 192, 256-bit).
Gnupg already supports AES in all 3 block sizes and so does 'official' PGP v7.0x.
PGP since v7.x hasn't been open source, so you won't find any details at www.pgpi.org. The best way to add AES support to previous 'open source' versions is to use the CKT builds by Imad. These are still based upon the v6.58 code base but contain dozens of fixes and improvements.
"Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
Now, if I happen to successfully develop an AES "decryptor", may I publish its source code without infringing the DMCA [tompox.com] ?
The inventors of Rijndael, who seem to be exceptionally intelligent and sane people, would probably be more than happy to be challenged with a real attack on the algorithm. Unless you have a PhD in Mathematics specializing in cryptanalysis you probably needn't waste your breath though.
Of course, if the media industry has had time to implement AES in one of their ridiculous UHT (User Hostile Tech) schemes, you may well end up under legal attack, as could, very possibly, the authors of the algorithm themselves should they find a flaw. It has been noted that the media industries will probably not go after "academics" in the short term considering how the Felten affair blew up on them (Russians apparently don't count).
Just because the enemy has usurped the term "secure" for their UHT does not mean that you should confuse all encryption with DMCA etc. These algorithms really are secure, based on real math that most people agree not even the NSA can break, and do not rely on stupid "gun in mouth" schemes to keep people from breaking them as UHT invariably does.
>The S-tables were thought to have been chosen to
>make the algorithm easy to break for someone who
>knew the secret.
Yes, this is what was _thought_.
When differential cryptanalysis was discovered in 1991, many DES 'replacements' were completely broken, but DES itself was only weakened, not broken.
It turned out to be those NSA-picked S-boxes that made it much more secure than the alternatives. So, they actually made the algorithm stronger, not weaker.
(and they had apparently known about differential cryptanalysis some 20 years before the academic world did. scary, isn't it?)
--
GCP
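To see what the post above means by the S-boxes being strong against differential cryptanalysis, here is an added example (not code from anyone in this thread): it builds the XOR difference distribution table of DES S-box S1 and compares it with a constructed linear "replacement" S-box. The DES row/column addressing and the S1 table come from FIPS 46; the linear S-box is a made-up stand-in for a weak alternative.

```python
# DES S-box S1 (FIPS 46), 4 rows x 16 columns.
DES_S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 9, 11, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

# Constructed (not real) linear S-box: ignores the outer bits and passes the
# middle four input bits straight through. Used only to show a bad case.
LINEAR_S = [[c for c in range(16)] for _ in range(4)]


def sbox(table, x):
    """6-bit input -> 4-bit output with DES addressing: the two outer
    bits (b0 b5) select the row, the middle four bits select the column."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return table[row][col]


def difference_table(table):
    """ddt[a][b] = number of inputs x (out of 64) with S(x) ^ S(x ^ a) == b.
    Differential cryptanalysis exploits large entries: they make an output
    difference predictable from an input difference."""
    ddt = [[0] * 16 for _ in range(64)]
    for a in range(64):
        for x in range(64):
            ddt[a][sbox(table, x) ^ sbox(table, x ^ a)] += 1
    return ddt


def best_probability(table):
    """Highest probability of any (input diff, output diff) pair for a
    nonzero input difference: 1.0 means fully predictable, 1/64 is the floor."""
    ddt = difference_table(table)
    return max(ddt[a][b] for a in range(1, 64) for b in range(16)) / 64


if __name__ == "__main__":
    ddt = difference_table(DES_S1)
    print("DES S1: best differential probability", best_probability(DES_S1))
    print("DES S1: input diff 0x34 -> output diff 0x2 holds for", ddt[0x34][0x2], "of 64 inputs")
    print("linear S-box: best differential probability", best_probability(LINEAR_S))
```

For S1 the worst case is 16 of 64 inputs (probability 1/4), which matches the published DES design criterion of at most 8 of the 32 input pairs sharing an output difference; the linear stand-in reaches 64 of 64 for every input difference.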
You still use crypto software you have to pay for? [Yes, this was a joke, maybe you only use crypto "for personal use".]
GnuPG, on the other hand, developed AES capability less than 2 days after NIST originally approved Rijndael last year. The next public release wasn't for a week or two, but still.... (Well, NIST officially "approved" it just now, but they "recommended it for approval" just over a year ago.) I remember seeing a message from the GnuPG development list about an hour after the NIST announcement saying "I'm working on it."
GnuPG is similar to the command-line version of PGP and supports the same file formats / protocols, but is free for all uses and isn't affiliated with Phil Zimmerman or Computer Associates. I don't know if it has the same depth of plugin support for third-party apps, but hey, it's supported by all the Linux apps I need it for.
"How can you claim that you are anti-crack, while still writing a window manager?" — Metacity README
BouncyCastle.
It amazes me how often open source authors pick self-destructive names. A serious effort should not be limited by a humorous or trick name.
A name like BouncyCastle will limit the number of people who adopt the software. People are afraid there is a hidden joke they don't understand.
There are times when it is appropriate to be 100 percent serious.
I am NOT saying anything negative about the software. The ONLY negative thing I am saying about the authors is that they are obviously not professional communicators.
Open Source Software needs marketing communication like any product that wants to reach a large number of people.
In 1976 Donald Knuth published a paper titled Coping with Finiteness in which he names a number Super K. It is defined as 10^^^^3 where 10^^10 = 10^10^10^10^10^10^10^10^10^10^10 or 10^10 10 times.
I couldn't find the paper (damnit) but Knuth says in Things a Computer Scientist Rarely Talks About
"If you don't agree that Super K is so large as to be beyond human comprehension, I can at least prove conclusively that if you consider all the numbers less than or equal to Super K, almost all of them are impossible to describe in any way in the universe"
I dunno, is that bigger than a googolplex? I wouldn't be surprised if the Guinness people spent less than 30 seconds researching this - in fact I suspect this was just some piece of useless trivia someone who happened to be in the office that day happened to know
In other news, Attorney General John Ashcroft "detained" all 857 employees of the NIST as "suspected terrorists". They are being held incommunicado at an undisclosed location, awaiting execution by a military tribunal. "We can't just have people releasing encryption algorithms whenever they feel like it, even if they are employees of the US Government," said Ashcroft. When it was pointed out to him that bin Laden avoids technical means of communication in favor of face-to-ear whispers among trusted family members, Ashcroft replied: "That's OK. Better to execute 857 innocent geeks than allow one terrorist to slip through."
sPh
Cryptonomicon is a good book, as is Enigma by Robert Harris.. however, they are works of fiction.
The Germans changed the wheel order, start positions, and reflector positions on the Enigma machines nightly, but that wasn't enough. The operators often used the same start codes over and over again, they sent predictable messages, and, like I said, there were issues with the Enigma itself. The UK RAF set up 'traps' by mining specific locations of the English Channel, and then Bletchley Park knew that the messages from specific lookout posts would contain the coordinates of the mines.. a very useful crib.
Try books such as Station X, Enigma, Seizing The Enigma, and The Code Book for a readable history..
(The Code Book even has a nice challenge at the end (although the prize has been claimed))
http://twitter.com/onion2k
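The two Enigma posts above both lean on the same flaw: the machine never enciphered a letter as itself, so a crib (a guessed plaintext phrase) can only sit at offsets where no letter of the crib lines up with the same letter in the ciphertext. Added example, not from any poster; the ciphertext and crib below are constructed, not a real intercept.

```python
def crib_offsets(ciphertext: str, crib: str) -> list:
    """Return every offset at which the crib could sit, i.e. where no crib
    letter coincides with the ciphertext letter in the same position.
    Relies only on Enigma's reciprocal wiring: a letter never maps to itself."""
    ciphertext, crib = ciphertext.upper(), crib.upper()
    offsets = []
    for off in range(len(ciphertext) - len(crib) + 1):
        window = ciphertext[off:off + len(crib)]
        if all(c != p for c, p in zip(window, crib)):
            offsets.append(off)
    return offsets


def survival_probability(crib_length: int) -> float:
    """Chance a random offset survives the self-encipherment test: each of
    the crib's letters has a 25/26 chance of not colliding, independently."""
    return (25 / 26) ** crib_length


if __name__ == "__main__":
    # Constructed sample: a 12-letter "intercept" and the classic crib WETTER.
    sample_ciphertext = "TEWRTEQZKEWT"
    crib = "WETTER"
    print("possible crib offsets:", crib_offsets(sample_ciphertext, crib))
    print("fraction of offsets a 16-letter crib leaves open: %.2f"
          % survival_probability(16))
```

The test discards five of the seven offsets for this sample; on real traffic with a long crib like WETTERVORHERSAGE roughly half the offsets drop out before any bombe run, which is why cribs were so valuable to Bletchley Park.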
I think you're confused. RSA claimed, in their Scientific American article at least, that their 100-bit key would take millions of years to break. In fact, advances in factoring algorithms (and to a far less extent, raw computing power) led to it being broken in less than 20 years. Now the minimal recommended key size is 400 bits longer, and most of us use keys 900 bits longer.
DES was never expected to have a lifetime longer than 25 years or so. The cryptanalysts who designed DES never heard of Moore's law, and wouldn't have cared about it if they had. They knew that the most important factor was algorithm efficiency, not the raw computing power.
In fact, a study in Programming Pearls a while back compared the effects of improved algorithms vs. improved hardware speed for several historically hard problems. The results were clear - hardware is getting faster, but you could still run circles around the latest supercomputer running 1960s era algorithms with your PDA running current algorithms. (Okay, the original article compared Crays to TRS-80s, but kids today may not know what a trash-80 is.)
The only reason computers seem slower is that they're used to solve far bigger problems. People tend to be willing to spend the same amount of time solving problems, and for a given time O(nlg(n)) has a far larger value of 'n' than O(n^3).
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
- The new standard contains a sophisticated mathematical formula known as an algorithm.
Did anyone else find this to be hilarious? I can see a manager saying something like, "We need to write this at a 6th-grade level of comprehension. Be sure to define the word 'algorithm'."
Check out Chad's News
US Government classified information? What the heck are they using for classified info crypto? From the article:
Q: What is the chance that someone could use the "DES Cracker"-like hardware to crack an AES key?
In the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. In other words, by trying possible key values, the hardware could determine which key was used to encrypt a message.
A: Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
snip...
The Advanced Encryption Standard (AES) will be a new Federal Information Processing Standard (FIPS) Publication that will specify a cryptographic algorithm for use by U.S. Government organizations to protect sensitive (unclassified) information.