Monday, May 23, 2005

Successful attack on AES encryption

Dan Bernstein has a provocative paper on how he succesfully executed a complete AES key recovery in a lab setting. AES (Rijndael) is the current algorithm being promoted by NIST as the preferred method of encrypting data.

Instead of trying to crack the encrypted string, this approach attempts to learn about the encryption process as it executes by examining outside effects. In this case, the specific time certain parts of the encryption/decryption software takes to run leaks information to a potential attacker.

The autor notes that while this type of attack can be thwarted by not relying on array lookups, the performance hit is substantial enough to make use of the algorithm impractical.

I don't know if an attack like this has actually been pulled off in the wild yet. It sounds like your system would have to be pretty heavily compromised before this type of attack could take place.

cachetiming-20050414.pdf (application/pdf Object)

2 comments:

  1. Dimitar Misev08 May, 2007 11:23

    I don' understand how is AES stronger than 3DES, assuming both being used with same length key. Both do sort of permutation on the original data right?

    ReplyDelete
  2. I think for all practical purposes, 3DES and AES are effectively "secure" given todays common computing capabilities (provided the keys are about the same length). This article was talking about the work done to replicate similar cracks of 3DES with AES. This approach to cracking these cyphers isn't even looking at the actual code, instead, they are observing outside effects that arise during the encryption and decryption processes to try to determine what data is involved.

    However you look at it, both methods are about the strongest practical encryption methods we now have commonly available. If you have to decide between them, I think you're going to be looking more at compatibility and marketability issues. If you're looking to interact with the US government, then AES is the way to go for you since it's currently approved by NIST as the government's encryption method.

    ReplyDelete