Slashdot Mirror

← Back to Stories (view on slashdot.org)

MIT Research: Encryption Less Secure Than We Thought

Posted by Soulskill on from the but-still-pretty-darn-secure dept.

A group of researchers from MIT and the University of Ireland has presented a paper (PDF) showing that one of the most important assumptions behind cryptographic security is wrong. As a result, certain encryption-breaking methods will work better than previously thought. "The problem, Médard explains, is that information-theoretic analyses of secure systems have generally used the wrong notion of entropy. They relied on so-called Shannon entropy, named after the founder of information theory, Claude Shannon, who taught at MIT from 1956 to 1978. Shannon entropy is based on the average probability that a given string of bits will occur in a particular type of digital file. In a general-purpose communications system, that’s the right type of entropy to use, because the characteristics of the data traffic will quickly converge to the statistical averages. ... But in cryptography, the real concern isn't with the average case but with the worst case. A codebreaker needs only one reliable correlation between the encrypted and unencrypted versions of a file in order to begin to deduce further correlations. ... In the years since Shannon’s paper, information theorists have developed other notions of entropy, some of which give greater weight to improbable outcomes. Those, it turns out, offer a more accurate picture of the problem of codebreaking. When Médard, Duffy and their students used these alternate measures of entropy, they found that slight deviations from perfect uniformity in source files, which seemed trivial in the light of Shannon entropy, suddenly loomed much larger. The upshot is that a computer turned loose to simply guess correlations between the encrypted and unencrypted versions of a file would make headway much faster than previously expected. 'It’s still exponentially hard, but it’s exponentially easier than we thought,' Duffy says."

2 of 157 comments (clear)

  1. God says... by Anonymous Coward · · Score: -1, Offtopic

    the second.

    10:10 By the which will we are sanctified through the offering of the
    body of Jesus Christ once for all.

    10:11 And every priest standeth daily ministering and offering
    oftentimes the same sacrifices, which can never take away sins: 10:12
    But this man, after he had offered one sacrifice for sins for ever,
    sat down on the right hand of God; 10:13 From henceforth expecting
    till his enemies be made his footstool.

    10:14 For by one offering he hath perfected for ever them that are
    sanctified.

    10:15 Whereof the Holy Ghost also is a witness to us: for after that
    he had said before, 10:16 This is the covenant that I will make with
    them after those days, saith the Lord, I will put my laws into their
    hearts, and in their minds will I write them; 10:17 And their sins and
    iniquities will I remember no more.

    10:18 Now where remission of these is, there is no more offering for
    sin.

    10:19 Having therefore, brethren, boldness to enter into the holiest
    by the blood of Jesus, 10:20 By a new and living way, which he hath
    consecrated for us, through the veil, that is to say, his flesh; 10:21
    And having an high priest over the house of God; 10:22 Let us draw
    near with a true heart in full assurance of faith, having our hearts
    sprinkled from an evil conscience, and our bodies washed with pure
    water.

    1. Re:God says... by SleazyRidr · · Score: 1, Offtopic

      Sometimes "polite" language is not in itself sufficient to adequately convey a message. One could spend time elaborately preparing a ripost of the finer points of a religious belief which is, on it's face, ridiculous. This approach, however, would not adequately the pain, suffering and existential angst felt by the Anonymous Coward to whom you are replying or the countless other members of our community, myself included, who have been mistreated by the followers of this "imaginary friend." We are at a point in history and in society where people are using their "beliefs" to further their ends of oppressing people who are not attempting to do harm to anyone. We are at a point where we are expected to "respect" other's beliefs even when those beliefs run directly counter to what can be observed by the naked eye, even when the exercise of those beliefs would cause harm to those in the immediate vicinity. Still we cannot even read a website, purporting to relate to technology news, a completely secular subject, without finding these beliefs being forced into our eyeballs and down our throats. The level of anguish experienced at these events can not be expressed without resorting to expletives.

      tl:dr: Fuck you and your wankery.

      --
      Is 1563649 a prime number?