From the
‘
no lock is secure
‘
files:
The AES (Advance Encryption Standard) (Define:AES) is a standard encryption mechanism in use by the US Government and many others – and it is now at risk from a very theoretical attack.
The attack is what is described as a cryptanalytic attack, by the researcher who have proposed that attack vector. AES is an extremely complex cryptographic algorithm and is something that to the best of my knowledge has not been hacked (successfully) before.
The key (no pun in intended) with this new approach is that it involves massive compute power in order to potentially decipher the AES encryption.
“While this attack is better than brute force — and some cryptographers
will describe the algorithm as “broken” because of it — it is still
far, far beyond our capabilities of computation,” Security researcher Bruce Schneier blogged. “The attack is, and
probably forever will be, theoretical. But remember: attacks always get
better, they never get worse.”
Schneier is absolutely right – all you need to do is look at how the MD5 cryptographic hash went from being a standard to being dropped by the US Government (and everyone else) as secure mechanism.
Back in 2004, security researcher Dan Kaminksy wrote a paper titled, “MD5 To Be Considered Harmful Some Day.” Theoretical collisions were discovered in that case, that were within three years, enough to give MD5 a black eye.