AES cracked – or is it?

There's new research that's being described as saying that the AES encryption algorithm has been "cracked."

I'm probably not alone in dreading these sorts of stories. Many people who work for encryption vendors probably feel the same way about them because they always end up being a distraction for a week or so as we explain to people why their sensitive data is still safe, even if hackers have access to the latest and greatest attack.

The headlines often aren't quite true, but that that doesn't stop lots of people from worring about exactly what's what. And that's understandable, because most people really don't care about the details of encryption. And they shouldn't. As Calvin Coolidge might have said if he were around today, "The business of America is business, not worrying about the arcane details of encryption."

So what's the bottom line this time and how does it affect the security of any sensitive data that you're encrypting with AES?

Here's the way that Andrey Bogdanov, one the researchers who found this weakness in AES, described the implications of this new attack:

The practical consequence is that the effective key length if AES is about 2 bits shorter than expected – it is more like AES-126, AES-190 and AES-254 instead of AES-128, AES-192 and AES-256.

So we're looking at reducing the security provided by an AES key by about 2 bits, or about a factor of 4. But because even the weakest AES keys, the 128-bit keys, require hundreds of billions of years on implausibly-powerful supercomputers to crack, knocking off 2 bits is really no big deal. That might reduce the time needed to crack a key from 100 billion years to only 25 billion years, for example, which is still isn't the sort of attack that's practical for a hacker to do. And it's one that probably never will be.

So the work by Andrey Bogdanov, Dmitry Khovratovich and Christian Rechberger (BKR) that's being described as leading to AES being cracked really isn't really worth losing sleep over. Even if hackers only have to do one-quarter of the work that they would have otherwise needed to do to crack an AES key, this still leaves them with an impossible amount of work left. So much work that they'll never try to actually carry out this attack.

So the bottom line is that if the BKR attack is the best that a hacker can do, your data's still extremely safe.

Leave a Reply

Your email address will not be published. Required fields are marked *