Researchers Find Weakness in World's Toughest Encryption Standard

A group of Microsoft researchers announced recently that they had cracked a version of the Advanced Encryption Standard (AES), the world’s toughest encryption mechanism. Though you might not be aware of it, AES is all around you. Not only is it used in disk encryption systems, but it also secures online transactions, wireless networks and even top-secret government documents. Hundreds of millions of people worldwide come into contact with the encryption, so finding a vulnerability is a bit troubling for almost every sector.

“[This] is the first theoretical break of the Advanced Encryption Standard – the de facto worldwide encryption standard,” said Andrey Bogdanov, one of the researchers who worked out the method of breaking the code. His research partners were Dmitry Khovratovich and Christian Rechberger.

The mechanism came to the forefront as a response to a late-20th-century call by the National Institute of Standards and Technology for an encryption that could protect top-secret documents. After a lengthy review process, NIST accepted declared this version, nicknamed Rijndael, as that standard, certifying it for use in the federal government in 2002.

The key – that is, the information an authorized person can use to decrypt the protected information – can vary in length, with 128, 192 and 256 being typical key lengths. Longer keys provide greater security because each extra digit adds another variable.

After working for years, the researchers found they were able to break the code four times easier than was previously thought possible. But even still, the statistical probability of being able to ascertain the correct key is extremely thin: According to Bogdanov, a trillion computers each testing a billion keys per second would take more than two billion years to discover an AES-128 key.

For this reason, Bogdanov said, we shouldn’t worry about the standard’s robustness. “I do not expect our particular attack to impose any practical threat in applications using AES,” he said. “It is more of scientific value.”

Security blogger Bruce Schneier agrees. “What we're learning is that the safety margin of AES is much less than previously believed,” he wrote on his blog. “And while there is no reason to scrap AES in favor of another algorithm, [NIST] should increase the number of rounds of all three AES variants.”

So don’t worry, your Wi-Fi is still safe. But attacks are always increasing in precision, so sometime in the future, the AES may have to undergo a makeover.

About the Author

Laura Williams is content development editor for Security Products magazine.

  • The Power of the Open Platform The Power of the Open Platform

    In this interview, sponsored by OpenEye, Eric Fullerton addresses the specific advantages of an open platform solution. He also talks how an end user can streamline operations and reduce cybersecurity risk in the cloud. Reducing the burden on IT will make it easier to manage and maintain video deployments and integrations of all sizes.

Digital Edition

  • Security Today Magazine - July August 2022

    July / August 2022


    • Place Your Bets
    • Landmark Security
    • Adding Audio to ROI Programs
    • Protecting the Infrastructure
    • Unique Hiring Demands

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety