RE: AESDec 14 2007 05:13PM Scott G. Kelly (s kelly ix netcom com)

An important caveat: the NIST estimate assumes cryptanalytical advances, along with hardware advances, but does not suggest that hardware alone will be sufficiently advanced within that amount of time to _brute force_ 128 bit keys.

Brute forcing a 128-bit key will take, on average, 2^127 encryptions and compares.

2^127 = 1.70141183 Ã? 10^38

If you assume you could check 1 billion (10^9) keys per second, this will still take you 1.7 x 10^29 seconds, or 5.39144876 Ã? 10^22 years. Making your key trials another billion times faster would still take 5.39144876 Ã? 10^13 years. This is longer than current estimates for the age of the universe.

Of course, there is some probability that you will find the key within some small number of attempts, but that probability is very small (n/(2^128) is *vanishingly* small for practical values of n).

-----Original Message-----
>From: Geoff Choo <geoff.choo (at) zonnet (dot) nl [email concealed]>
>Sent: Dec 14, 2007 6:52 AM
>To: crypto (at) securityfocus (dot) com [email concealed]
>Subject: RE: AES
>
>Cristian,
>
>From what I know of AES (http://www.cryptosystem.net/aes/), it should be
>able to withstand most practical cryptanalysis attacks when means that for
>the meantime, a brute force attack appears to be the most efficient key
>recovery attack on AES.
>
>However, even if you find a suitable crypto brute force tool, I hope you
>understand what it means to brute force a key at least 128 bits long.
>Keylength.com gives a good indication how long certain key lengths will
>afford protection. E.g. according to NIST, a 128 bit AES key should be
>sufficiently secure against mathematical attacks beyond 2030. This means
>that depending on how much computing power you have, I think it's still
>going to take you anywhere from 20 to 40 years to brute force a 128 bit key.
>
>-----Original Message-----
>From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
>Behalf Of Cristian Serban
>Sent: 14 December 2007 14:50
>Cc: crypto (at) securityfocus (dot) com [email concealed]
>Subject: Re: AES
>
>Thank you very much guys.
>I'll have to digg a little bit to get more familliar with this kind of
>attack.
>
>Cristian
>On Dec 14, 2007 1:29 PM, Brad Hards <bradh (at) frogmouth (dot) net [email concealed]> wrote:
>> On Friday 14 December 2007 09:44:49 pm Cristian Serban wrote:
>> > Hi guys and girls,
>> > I have a quick question, and i thought you might know.
>> > Do you know if it's possible to find the encryption key if i have a
>> > file both encrypted and unencrypted using AES?
>> This type of attack is known as "known plaintext attack".
>>
>> > Do you know any tool that does brute forcing on specified algorithms?
>> There are brute force attacks, but I'm not aware of anything that would be
>> significant against AES. See wikipedia for a bunch of references.
>>
>> For some algos, you might look at http://www.distributed.net/source/
>>
>> Brad
>>
>>
>
>
>
>--
>Cristian
>

Brute forcing a 128-bit key will take, on average, 2^127 encryptions and compares.

2^127 = 1.70141183 Ã? 10^38

If you assume you could check 1 billion (10^9) keys per second, this will still take you 1.7 x 10^29 seconds, or 5.39144876 Ã? 10^22 years. Making your key trials another billion times faster would still take 5.39144876 Ã? 10^13 years. This is longer than current estimates for the age of the universe.

Of course, there is some probability that you will find the key within some small number of attempts, but that probability is very small (n/(2^128) is *vanishingly* small for practical values of n).

-----Original Message-----

>From: Geoff Choo <geoff.choo (at) zonnet (dot) nl [email concealed]>

>Sent: Dec 14, 2007 6:52 AM

>To: crypto (at) securityfocus (dot) com [email concealed]

>Subject: RE: AES

>

>Cristian,

>

>From what I know of AES (http://www.cryptosystem.net/aes/), it should be

>able to withstand most practical cryptanalysis attacks when means that for

>the meantime, a brute force attack appears to be the most efficient key

>recovery attack on AES.

>

>However, even if you find a suitable crypto brute force tool, I hope you

>understand what it means to brute force a key at least 128 bits long.

>Keylength.com gives a good indication how long certain key lengths will

>afford protection. E.g. according to NIST, a 128 bit AES key should be

>sufficiently secure against mathematical attacks beyond 2030. This means

>that depending on how much computing power you have, I think it's still

>going to take you anywhere from 20 to 40 years to brute force a 128 bit key.

>

>-----Original Message-----

>From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On

>Behalf Of Cristian Serban

>Sent: 14 December 2007 14:50

>Cc: crypto (at) securityfocus (dot) com [email concealed]

>Subject: Re: AES

>

>Thank you very much guys.

>I'll have to digg a little bit to get more familliar with this kind of

>attack.

>

>Cristian

>On Dec 14, 2007 1:29 PM, Brad Hards <bradh (at) frogmouth (dot) net [email concealed]> wrote:

>> On Friday 14 December 2007 09:44:49 pm Cristian Serban wrote:

>> > Hi guys and girls,

>> > I have a quick question, and i thought you might know.

>> > Do you know if it's possible to find the encryption key if i have a

>> > file both encrypted and unencrypted using AES?

>> This type of attack is known as "known plaintext attack".

>>

>> > Do you know any tool that does brute forcing on specified algorithms?

>> There are brute force attacks, but I'm not aware of anything that would be

>> significant against AES. See wikipedia for a bunch of references.

>>

>> For some algos, you might look at http://www.distributed.net/source/

>>

>> Brad

>>

>>

>

>

>

>--

>Cristian

>

[ reply ]