Slashdot Mirror


New Attack Against Multiple Encryption Functions

An anonymous reader sends word of a paper presented a few days back by Adi Shamir, the S in RSA, that promises a new form of mathematical attack against a broad range of cryptographic ciphers. The computerworld.com.au report leans heavily on Schneier's blog entry from the Crypto 2008 conference and the attached comments. Shamir's paper has not been published yet. "[The new attack could affect] hash functions (such as MD5, SHA-256), stream ciphers (such as RC4), and block ciphers (such as DES, Triple-DES, AES) at the Crypto 2008 conference. The new method of cryptanalysis has been called a 'cube attack' and formed part of Shamir's invited presentation at Crypto 2008 — 'How to solve it: New Techniques in Algebraic Cryptanalysis.' The new attack method isn't necessarily going to work against the exact ciphers listed above, but it offers a new generic attack method that can target basically formed ciphers irrespective of the basic cipher method in use, provided that it can be described in a 'low-degree polynomial equation'... What may be the biggest outcome from this research is the range of devices in widespread use that use weaker cryptographic protection, due to power or size limitations, that are now vulnerable to a straightforward mathematical attack."

2 of 130 comments

  1. borg cube attack! by Afrix · Score: 0, Offtopic

    only fractal encryption can save us now!

  2. Good cracking utility? by cat_jesus · Score: 1, Offtopic

    I've recently come across a situation where my client's data is being held hostage by their application vendor. The vendor decided to encrypt the data during one of their 'upgrades' and now that the client wants to move to another application, the vendor won't decrypt the data without being paid a huge fee. They probably used something easy like an XOR cipher but I don't have the time to research how to figure this out. Are there any tools out there that I can use to give a sample of the encrypted data and the decrypted data, figure out the method used and then decrypt all the data?

    I'd love to stick it to the application vendor. What a dick move.