Researchers Find Weakness in World's Toughest Encryption Standard

A group of Microsoft researchers announced recently that they had cracked a version of the Advanced Encryption Standard (AES), the world’s toughest encryption mechanism. Though you might not be aware of it, AES is all around you. Not only is it used in disk encryption systems, but it also secures online transactions, wireless networks and even top-secret government documents. Hundreds of millions of people worldwide come into contact with the encryption, so finding a vulnerability is a bit troubling for almost every sector.

“[This] is the first theoretical break of the Advanced Encryption Standard – the de facto worldwide encryption standard,” said Andrey Bogdanov, one of the researchers who worked out the method of breaking the code. His research partners were Dmitry Khovratovich and Christian Rechberger.

The mechanism came to the forefront as a response to a late-20th-century call by the National Institute of Standards and Technology for an encryption that could protect top-secret documents. After a lengthy review process, NIST accepted declared this version, nicknamed Rijndael, as that standard, certifying it for use in the federal government in 2002.

The key – that is, the information an authorized person can use to decrypt the protected information – can vary in length, with 128, 192 and 256 being typical key lengths. Longer keys provide greater security because each extra digit adds another variable.

After working for years, the researchers found they were able to break the code four times easier than was previously thought possible. But even still, the statistical probability of being able to ascertain the correct key is extremely thin: According to Bogdanov, a trillion computers each testing a billion keys per second would take more than two billion years to discover an AES-128 key.

For this reason, Bogdanov said, we shouldn’t worry about the standard’s robustness. “I do not expect our particular attack to impose any practical threat in applications using AES,” he said. “It is more of scientific value.”

Security blogger Bruce Schneier agrees. “What we're learning is that the safety margin of AES is much less than previously believed,” he wrote on his blog. “And while there is no reason to scrap AES in favor of another algorithm, [NIST] should increase the number of rounds of all three AES variants.”

So don’t worry, your Wi-Fi is still safe. But attacks are always increasing in precision, so sometime in the future, the AES may have to undergo a makeover.

About the Author

Laura Williams is content development editor for Security Products magazine.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West

  • Live From ISC West 2024: Post-Show Recap

    ISC West 2024 is complete. And from start to finish, the entire conference was a huge success with almost 30,000 people in attendance. Read Now

    • Industry Events
    • ISC West

  • ISC West 2024 is a Rousing Success

    The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3