Cryptogram: AES Broken?

← Back to Stories (view on slashdot.org)

Posted by chrisd on Monday September 16, 2002 @12:42AM from the small-s-boxes-lead-to-weirdness dept.

bcrowell writes "The latest CryptoGram reports that AES (Rijndael) and Serpent may have been broken. The good news is that when cryptographers say 'broken' they don't necessarily mean broken in a way that is practical to exploit right now. Still, maybe we need to assume that any given type of crypto is only temporary. All of cryptography depends on a small number of problems that are believed to be hard. And all bets are definitely off when quantum computers arrive on the scene. Maybe someday we'll look back fondly on the golden age of privacy."

3 of 277 comments (clear)

Min score:

Reason:

Sort:

Comment removed by account_deleted · 2002-09-16 00:49 · Score: 3, Interesting

Comment removed based on user account deletion
What Schneier really meant to say... by BigBadBri · 2002-09-16 01:27 · Score: 4, Interesting

Serpent and Rijndael are vulnerable to this attack - it seems Twofish isn't - damn government should have chosen Twofish for AES instead...

Seriously, though - any approach that manages to reduce the difficulty of cracking these algorithms by a factor of 2^100 is impressive, and Schneier at least simplifies it enough that us folks with very rusty number theory can appreciate the achievement.

His comment later in Cryptogram about his name appearing on a list of banned words is much, much scarier - looks like he's upset someone in the content censorship Gestapo. That same content filter would deny access to today's Slashdot front page - nasty.

--
oh brave new world, that has such people in it!
Re:Maybe? by dfay · 2002-09-16 02:06 · Score: 3, Interesting

AES, DES, Serpent are all symmetric, as were all of the entries to the NIST AES contest. I forget if it was a condition of the contest.

Since these are all symmetric, key distribution must either happen over another channel, or through a public key exchange method, all of which (AFAIK) use asymmetric algorithms. I don't know that I'd say that asymmetric algorithms are more susceptible, though. The biggest disadvantage to those algorithms is that they tend to require a lot more computing power, and one of the goals of the NIST AES contest was to provide an algorithm that would be implementable on really small platforms, such as embedded devices and smart cards. In fact, one of the best traits of Rijndael is that it seemed just as secure as the other entries while remaining very simple. It has been implemented on a few small 8-bit microcontrollers, and, when optimized, can take as little as 32 bytes of state (RAM).