Researchers Find Weakness in World's Toughest Encryption Standard

A group of Microsoft researchers announced recently that they had cracked a version of the Advanced Encryption Standard (AES), the world’s toughest encryption mechanism. Though you might not be aware of it, AES is all around you. Not only is it used in disk encryption systems, but it also secures online transactions, wireless networks and even top-secret government documents. Hundreds of millions of people worldwide come into contact with the encryption, so finding a vulnerability is a bit troubling for almost every sector.

“[This] is the first theoretical break of the Advanced Encryption Standard – the de facto worldwide encryption standard,” said Andrey Bogdanov, one of the researchers who worked out the method of breaking the code. His research partners were Dmitry Khovratovich and Christian Rechberger.

The mechanism came to the forefront as a response to a late-20th-century call by the National Institute of Standards and Technology for an encryption that could protect top-secret documents. After a lengthy review process, NIST accepted declared this version, nicknamed Rijndael, as that standard, certifying it for use in the federal government in 2002.

The key – that is, the information an authorized person can use to decrypt the protected information – can vary in length, with 128, 192 and 256 being typical key lengths. Longer keys provide greater security because each extra digit adds another variable.

After working for years, the researchers found they were able to break the code four times easier than was previously thought possible. But even still, the statistical probability of being able to ascertain the correct key is extremely thin: According to Bogdanov, a trillion computers each testing a billion keys per second would take more than two billion years to discover an AES-128 key.

For this reason, Bogdanov said, we shouldn’t worry about the standard’s robustness. “I do not expect our particular attack to impose any practical threat in applications using AES,” he said. “It is more of scientific value.”

Security blogger Bruce Schneier agrees. “What we're learning is that the safety margin of AES is much less than previously believed,” he wrote on his blog. “And while there is no reason to scrap AES in favor of another algorithm, [NIST] should increase the number of rounds of all three AES variants.”

So don’t worry, your Wi-Fi is still safe. But attacks are always increasing in precision, so sometime in the future, the AES may have to undergo a makeover.

About the Author

Laura Williams is content development editor for Security Products magazine.

  • Securing Entertainment Venues Securing Entertainment Venues

    One thing entertainment venues, sports stadiums and theme park officials want to accomplish is getting people back into their seats. That is happening today—but not without understanding and technology. In this episode, AJ DeRosa shares his insight on how COVID-impacted businesses are able to face safety and security issues with confidence and technology. We also discuss visitor expectations and how venue officials can ensure their space is secure as they welcome visitors back.

Digital Edition

  • Security Today Magazine - November December 2021

    November / December 2021


    • Navigating System Integration
    • Protecting Premises and People
    • Cashing in Your VMS System
    • Encryption and Compliance
    • Security Breach at 38,000 Feet

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety