GnuPG Celebrates 10 Years
Posted Dec 28, 2007 17:03 UTC (Fri) by flewellyn (subscriber, #5047)
In reply to: GnuPG Celebrates 10 Years by bvdm
Parent article: GnuPG Celebrates 10 Years

I'm sorry, I can't agree that cryptography is a solved problem, except in the purely theoretical sense: sure, we have a mathematically-proven unbreakable cipher, the One-Time Pad, but it's so hard to deploy and use correctly that its applications are extremely limited in the real world.

So in all truth, it's likely that at some point in the future, AES will be cracked. Mind you, I have no idea how; if I knew that, I would be either the world's greatest cryptanalyst or the world's greatest psychic. But given the history of cryptography and cryptanalysis, I feel confident enough in saying that one day, somehow, AES will be broken.

GnuPG Celebrates 10 Years
Posted Dec 28, 2007 20:32 UTC (Fri) by jd (guest, #26381)
[Link] (1 responses)

Block cyphers use various methods of data mangling that produce a result that crudely approximates a totally random signal. The better the block cypher, the better the approximation. However, it isn't perfect and can never be perfect - even in theory. The encryption mode helps to improve the pseudo-randomness, but that too can never be perfect.

When (not if) a weakness is found in AES, it is pretty much guaranteed to be a weakness in the nature of the approximation. The 2DEM crowd demonstrated nicely in their initial paper how you could recover some information from encrypted images where there is a poor choice of encryption mode. I have no idea how much is recoverable, how much you can scrape the message for exposed data. Any information, though, must effectively reduce your key search space, with the obvious implication that sufficient information must reduce it to something you can search on a realistic timeframe.

2DEM mode
Posted Dec 29, 2007 5:51 UTC (Sat) by zooko (guest, #2589)
[Link]

I just went and had a look at the 2DEM docs that they submitted to NIST. As far as I could tell from a quick reading of the first couple of sections of their paper, they pointed out that ECB is very weak at confidentiality, and that CBC isn't parallelizable, and then proposed 2DEM mode. These two facts (ECB doesn't offer good confidentiality and CBC isn't parallelizable) were already well understood by other cryptographers. All of the modes of operation described in SP 800-38A (except of course ECB, which shouldn't have been included) offer good confidentiality, and CTR mode offers excellent parallelism. Some of the newfangled modes like OCB and GCM are also parallelizable. So as far as I can tell, 2DEM mode doesn't offer anything over CTR mode.

Regards, Zooko

GnuPG Celebrates 10 Years
Posted Dec 29, 2007 16:35 UTC (Sat) by Nelson (subscriber, #21712)
[Link] (3 responses)

DES has never been "cracked." AES is at least as strong as DES; it has withstood all of the known attacks against DES.

It's hard to imagine it having a weakness that reduces its strength to something practical to process, but I guess it's possible. You have to also understand that for the ciphers that have been developed by actual cryptographers in the last 10 or so years that have been "cracked", the crack is almost never actually possible to do; it's just calculatably more efficient than brute force. It usually takes an intractable amount of processing power or storage to perform these "cracks" and the actual crack. Being paranoid, once a cipher has shown one of these weaknesses, it's usually abandoned and considered untrusted. I can't think of a legitimate cipher that has been developed in a long time that could actually be cracked in any practical manner, maybe FEAL or REDOC, but those are pretty old.

GnuPG Celebrates 10 Years
Posted Dec 30, 2007 9:12 UTC (Sun) by flewellyn (subscriber, #5047)
[Link] (2 responses)

> DES has never been "cracked."

As a matter of fact, yes, it has.

> You have to also understand that for the ciphers that have been developed by actual cryptographers in the last 10 or so years that have been "cracked", the crack is almost never actually possible to do; it's just calculatably more efficient than brute force. It usually takes an intractable amount of processing power or storage to perform these "cracks" and the actual crack.

See the above link. 22 hours using a distributed network is not infeasible. And this was in 1999, almost 9 years ago! Computers are much more powerful now, and massive parallel clusters are much more widespread. It's conceivable today that DES could be broken in a matter of hours.

GnuPG Celebrates 10 Years
Posted Dec 30, 2007 17:13 UTC (Sun) by dmaxwell (guest, #14010)
[Link]

The OP is correct. DES has not been cracked in a cryptanalytic sense. It has been brute forced because trying every key in a 56 bit keyspace is now practical. Any true crack to a cypher algorithm reduces the keyspace enough to make a brute force search practical. DES is simply weak in the keyspace dept. The math behind it is good.

Brute force isn't a "crack."
Posted Dec 30, 2007 19:30 UTC (Sun) by Nelson (subscriber, #21712)
[Link]

Do the math on AES then; if that's the best way to "crack" it, then AES could potentially be secure for centuries. And then there is EDE "Triple-AES" if we actually need something better.
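An added example, not written by any of the commenters above, showing the two mode-of-operation points raised by jd and zooko: ECB turns repeated plaintext blocks (the flat rows of an image) into repeated ciphertext blocks while CTR does not, and any single CTR block can be computed on its own, which is the parallelism zooko says CBC lacks. The key, plaintext and IV are constructed for the demo, and ecbEncrypt and ctrBlockAt are written here rather than taken from a library.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed key and plaintext: four identical blocks, like an image's flat rows.
var demoKey = []byte("0123456789abcdef")
var demoPlain = bytes.Repeat([]byte("flat image row!!"), 4)
var demoIV = make([]byte, 16) // constructed: zero nonce, counter in last 4 bytes

// ecbEncrypt runs the raw block function on each block independently (Go has
// no ECB mode on purpose); identical plaintext blocks give identical output.
func ecbEncrypt(key, pt []byte) []byte {
	b, _ := aes.NewCipher(key)
	ct := make([]byte, len(pt))
	for i := 0; i+16 <= len(pt); i += 16 {
		b.Encrypt(ct[i:i+16], pt[i:i+16])
	}
	return ct
}

// ctrEncrypt is the standard-library CTR mode (SP 800-38A) over the whole message.
func ctrEncrypt(key, iv, pt []byte) []byte {
	b, _ := aes.NewCipher(key)
	ct := make([]byte, len(pt))
	cipher.NewCTR(b, iv).XORKeyStream(ct, pt)
	return ct
}

// ctrBlockAt computes ciphertext block n alone as E_k(iv+n) XOR ptBlock; no earlier
// block is needed. Assumes iv's last 4 bytes are zero so the counter cannot carry.
func ctrBlockAt(key, iv []byte, n uint32, ptBlock []byte) []byte {
	b, _ := aes.NewCipher(key)
	ctr := append([]byte{}, iv...)
	binary.BigEndian.PutUint32(ctr[12:], n)
	out := make([]byte, 16)
	b.Encrypt(out, ctr)
	for i := range out {
		out[i] ^= ptBlock[i]
	}
	return out
}
func main() {
	ecb := ecbEncrypt(demoKey, demoPlain)
	fmt.Println("ECB repeats visible:", bytes.Equal(ecb[:16], ecb[16:32])) // true
}
```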