

September 16, 2002
4:06 AM

AES may have been broken. The new standard in crypto, AES, and other algorithms, appear to be vulnerable to xsl. This is not a practical attack, yet, but if you're interested in crypto it's fascinating (and shocking) news.
posted by andrew cooke (7 comments total)

 
I suspect there'll be more news at politech soon. The attack is based on the relationship between algorithms and mathematics - this article, although not directly related to the attack, explores similar ideas.
posted by andrew cooke at 4:10 AM on September 16, 2002


Not to be confused with this, of course.
posted by drinkcoffee at 4:39 AM on September 16, 2002


wait till quantum computers become more commonly available. no conventional cryptography may be safe. also, i like the bomb gifs. they create a sense of urgency. (seriously. after seeing the way that most GNU documentation authors are content to let texi2html butcher webpage layout and design, webpages like this are a relief.)
posted by moz at 8:20 AM on September 16, 2002


This reminds me that I am glad PGP is back and funded, that PGP does not (as far as I know) rely primarily on Rijndael, and that this news is coming before they release PGP 8.0.

I remember that there was some criticism that the AES block cipher candidates' peer-review period was too short. Perhaps this would have been caught otherwise?

Speculation on my part. Just an observer on the sidelines of the cryptography debate.
posted by i blame your mother at 9:26 AM on September 16, 2002


Whew, thank goodness, drinkcoffee, when I first read the article, I was freaked that my style sheets were breaking people's codes while styling my news feeds!

Anyway, this is both good and bad news. Bad because the attack has been found, but good because if they find out HOW it happened, then they can make the encryption better.

Common paranoia dictates that the NSA is far ahead of the public in terms of cryptographic technique, hence any public discovery of a vulnerability in, and subsequent strengthening of, an encryption technique is good news. It's when the NSA finds a vulnerability, and doesn't tell anyone about it, that it's bad news. At least, bad news for us. :)
posted by phidauex at 9:29 AM on September 16, 2002


Perhaps this would have been caught otherwise?

i'm no expert - as far as i understand things, it was the elegance of rijndael that suggested the attack. and yet the attack is effective against serpent, which was apparently the conservative choice (and so presumably more traditional?). so on the one hand, it's a "general" attack, in which case the timing is mostly bad luck, but on the other hand, it's somehow related to rijndael, so perhaps more time would have helped (if this had turned up, it would have caused chaos!).

in the past, when des was chosen, nsa "fixed" it against an attack not known publicly. that they didn't fix rijndael/aes might suggest that this attack is new to them too?
posted by andrew cooke at 12:30 PM on September 16, 2002


I don't think you can assume the NSA didn't know about this.
They may have considered it already and decided there is no practical attack with this method, or decided the likelihood of outside agencies discovering the attack was negligible.
posted by sonofsamiam at 3:30 PM on September 16, 2002




This thread has been archived and is closed to new comments