New Research Cracks AES Keys 3-5x Faster

Landing his first accepted submission, qpgmr writes "AES, generally thought to be the gold standard for encryption, is showing weaknesses. From Computerworld: 'Researchers from Microsoft and the [Belgian] Katholieke Universiteit Leuven have discovered a way to break the widely used Advanced Encryption Standard, the encryption algorithm used to secure most all online transactions and wireless communications.'" The full paper has lots of details. Note that it would still take a few billion years with current computers to actually break anything, but there may be further vunerabilities yet to be discovered.

Correction

[CharlyFoxtrot]

The Katholieke Universiteit Leuven (KUL) is a Belgian, specifically Flemish, university not Dutch.

Re:"current computers"

[Nialin]

No, they just use Keyloggers.

That's some mighty fine print you got there...

[geekmux]

"New Research Cracks AES Keys 3-5x Faster"

(the fine print)

"it would still take a few billion years with current computers to actually break anything.."

Re:That's some mighty fine print you got there...

[FuzzyDaddy]

Or "New attack reduces 256 bit key strength by two bits"

Re:That's some mighty fine print you got there...

E=MC^2 you fucking retard

Bruce Schneier's take

[condition-label-red]

linky...

Re:"current computers"

[DragonTHC]

you mean our equipment?

it's widely known that the NSA uses all known operating systems for distributing computing tasks.

So every windows computer connected to the Internet will accept NSA task packets and compute them and send them back. It does this seamlessly though so the user never sees anything. They built it into the TCP/IP stack. It just becomes easier with windows and even Linux. (SELinux anyone?)

Re:The AES-128 "crack" requires 2^88 bytes of stor

[flonker]

The NSA called. They deny that any such data center exists.

Re:"current computers"

[dido]

No. To crack AES-128 the attack still requires work of the order of 2^126.1. A machine capable of cracking a 56-bit DES key in a second might be built for about US$5B, going by the price of the COPACABANA FPGA-based DES cracker (US$10,000 for a machine that can crack 56-bit keys in 6 days). Such a machine would take 140 trillion years to crack AES-128 by brute force, or 38 trillion years to crack AES-128 using the algorithm. If you had 38 trillion of these machines you could conceivably crack an AES-128 password in a year. But to give you some idea of how big 38 trillion is, if each of these 38 trillion machines could be made to fit in a 1U server box, the rack would be just over 1.672e8 km high, just a bit over one astronomical unit. You could build a bridge from the earth to the sun with that. If you spread that many machines out, they'd cover 8,892,000 square kilometers, which is more than the total area of the lower 48 states of the US, and you'd have enough machines left over to pave over just about half of Alaska. If they ran at 100 W each, the project would require 3.3288e16 kWh of energy, or 1.2e23 joules, about a thousand times more than the world's annual energy consumption.

For 256-bit keys the problem is even worse. The algorithm has a complexity of 2^254.4. The energy requirement of that staggering number, assuming a computer able to operate at the von Neumann-Landauer limit of ln(2)kT energy per bit flip, running at a temperature of 2.7 K, would require a staggering 1.24e54 J of energy, about the equivalent of 10 billion supernovas, or about a thousandth of the total mass-energy of the Milky Way Galaxy.