updated 02:55 pm EDT, Wed August 17, 2011
Practical crack still far off
Three cryptographers have reported that they have found a crack in the Advanced Encryption Standard (AES) security algorithm that is used to protect the keys that can open encrypted files. The break is the first known theoretical breach of the de facto worldwide encryption standard. Fortunately, the researchers indicate that a practical breach using the crack is far off into the future.
Essentiallly, the trio have founded a way to shorten the encryption algorithm by two bits. The AES-128 standard, for example, becomes 126 bits instead of 128 bits in length. Despite this, the AES algorithms themselves are still safe.
"To put this into perspective," said Andrey Bogdanov, one of the researchers from K.U.Leuvenon, "on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key."
AES is widespread and commonly used to encrypt hard drives, such as in FileVault in Mac OS X Lion or in hardware on some newer drives. Cracking it usually requires local access and may make it difficult for a remote exploit.
The three researchers hail from academia and industry. In addition to Bogdanov, the second, Christian Rechberger, is from the Crypto Team at Ecole Normale Superieure (ENS) in Paris. The third, Dmitry Khovratovich works for the cryptography group within Microsoft Research. [via The Inquirer]