This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
AES break? Not really
jpgoldberg
Agile Customer Care 
in Lounge
AES (Advanced Encryption Standard) is of almost all cryptographic systems around today, including banks, governments, military, and of course, protecting your data with 1Password.
Microsoft Research has just [url="http://research.microsoft.com/en-us/projects/cryptanalysis/aes.aspx"]published a paper[/url] by three cryptographers visiting there. This paper find a really clever way to avoid some duplication of effort when trying to figure out the AES key used to encrypt some data. In this, they've reduced the effective strength of a 128 bit key to a 126 bit key [i]in certain limited circumstances[/i].
I'll write more about those limited circumstances later as I work through the paper. But even if this were entirely unrestricted, a 2-bit reduction is of no practical importance. Indeed, the last sentence of the abstract of the paper says it best
[quote]As our attacks are of high computational complexity, they do not threaten the practical use of AES in any way.[/quote]
I'll post more as I work through the math.
At this point is two threats:[list=1]
[*]Unjustified panic leading people to move away from AES to systems that haven't been as well examined.
[*]Sometimes one "break" even if completely impractical, can show the way for other more meaningful attacks in years to follow. We will continue to follow and study the recommendations of the professional cryptographic community.
[/list]
But what I'm worried about at this point is (1).
Microsoft Research has just [url="http://research.microsoft.com/en-us/projects/cryptanalysis/aes.aspx"]published a paper[/url] by three cryptographers visiting there. This paper find a really clever way to avoid some duplication of effort when trying to figure out the AES key used to encrypt some data. In this, they've reduced the effective strength of a 128 bit key to a 126 bit key [i]in certain limited circumstances[/i].
I'll write more about those limited circumstances later as I work through the paper. But even if this were entirely unrestricted, a 2-bit reduction is of no practical importance. Indeed, the last sentence of the abstract of the paper says it best
[quote]As our attacks are of high computational complexity, they do not threaten the practical use of AES in any way.[/quote]
I'll post more as I work through the math.
At this point is two threats:[list=1]
[*]Unjustified panic leading people to move away from AES to systems that haven't been as well examined.
[*]Sometimes one "break" even if completely impractical, can show the way for other more meaningful attacks in years to follow. We will continue to follow and study the recommendations of the professional cryptographic community.
[/list]
But what I'm worried about at this point is (1).
Flag
0