AES Vulnerability

From: Christ, Bryan (bryan.christ_at_hp.com)
Date: 05/05/05

    Date: Thu, 5 May 2005 09:44:32 -0500
    To: <secureshell@securityfocus.com>


    I have been using AES strictly for the past 18 months. I am not a
    crypto guru so my decision was based on an article at wikipedia.org
    which quoted a United States government report saying,

            "The design and strength of all key lengths of the AES algorithm
    (i.e., 128, 192 and 256) are sufficient to protect classified
    information up to the SECRET level. TOP SECRET information will require
    use of either the 192 or 256 key lengths. The implementation of AES in
    products intended to protect national security systems and/or
    information must be reviewed and certified by NSA prior to their
    acquisition and use."

    Well, I decided to check for updates on wikipedia and now there is an
    amendment saying,

            "In April 2005, Daniel J. Bernstein announced a cache timing
    attack that breaks most practical AES implementations, and applied it to
    break OpenSSL when using AES encryption. The attack is against practical
    implementations but appears hard to defend against because of the AES
    structure."

    The write-up on the cache-timing attack is here for those interested
    http://cr.yp.to/antiforgery/cachetiming-20050414.pdf and also how to do
    it. After reading this write-up I am considering moving to blowfish and
    am looking for some advice. At least one person is interested in
    cracking my server because my logfile reveals days of dictionary
    attacks. Below are the questions I am looking for.

    1. 64-bit blocksizes are considered too small and only the full
    16-round blowfish implementation appears sufficient. Are there any other
    vulnerabilities?
    2. Is blowfish susceptible to cache-timing attacks?
    3. How can I ensure that the criteria for #1 are met in my OpenSSH
    configuration?

    Thanks in advance to all who reply!
    Bryan
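
    Editor's added example, not part of Bryan's post: question 3 asks how to
    check what the OpenSSH configuration actually enables. The SSH-2 transport
    cipher list is set by the Ciphers keyword in sshd_config (comma-separated,
    keyword case-insensitive, first occurrence of a keyword wins, "keyword
    value" or "keyword=value" form); when the keyword is absent the installed
    version's defaults apply. The script below parses a constructed sample
    sshd_config and flags every enabled cipher whose block is narrower than
    128 bits, which is the point of question 1: blowfish-cbc, 3des-cbc and
    cast128-cbc all use a 64-bit block, the AES modes a 128-bit block, and
    arcfour is a stream cipher. The cipher-to-block-size table is assumed to
    cover the names OpenSSH accepted at the time and should be compared
    against the ciphers the installed sshd actually lists; the sample config
    is constructed. As for the "full 16-round" criterion, sshd_config offers
    no reduced-round Blowfish to choose, so selecting blowfish-cbc is the
    whole of that check.

```python
"""Audit the Ciphers directive of an OpenSSH sshd_config.

Added example, not code from the original post.  The block-size table and
the sample configuration below are assumptions constructed for this demo.
"""
import re

# Block size in bits of the cipher behind each OpenSSH cipher name.
# 0 marks a stream cipher.  Assumed to cover the names in use circa 2005;
# compare against what the installed sshd advertises.
BLOCK_BITS = {
    "blowfish-cbc": 64,
    "3des-cbc": 64,
    "cast128-cbc": 64,
    "arcfour": 0,
    "aes128-cbc": 128,
    "aes192-cbc": 128,
    "aes256-cbc": 128,
    "aes128-ctr": 128,
    "aes192-ctr": 128,
    "aes256-ctr": 128,
}

# Constructed sample sshd_config (not a real host's file).
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
Protocol 2
ciphers blowfish-cbc,aes128-cbc, 3des-cbc
# a second Ciphers line is ignored: the first value for a keyword wins
Ciphers aes256-ctr
PermitRootLogin no
"""

# "keyword value" or "keyword=value"; keyword is matched case-insensitively.
_KEYWORD_RE = re.compile(r"^\s*([^\s=]+)\s*=?\s*(.*?)\s*$")


def parse_ciphers(config_text):
    """Return the cipher list from the first Ciphers line, or None if absent
    (None means the installed version's default list is in effect)."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _KEYWORD_RE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2)
        if keyword == "ciphers":
            return [c.strip().lower() for c in value.split(",") if c.strip()]
    return None


def audit(config_text, min_block_bits=128):
    """Flag enabled ciphers whose block is narrower than min_block_bits.

    Unknown names are reported too, so a cipher missing from BLOCK_BITS is
    a finding to resolve rather than something silently accepted.
    """
    ciphers = parse_ciphers(config_text)
    if ciphers is None:
        return {"ciphers": None, "findings": {}}
    findings = {}
    for name in ciphers:
        bits = BLOCK_BITS.get(name)
        if bits is None:
            findings[name] = "not in this table; check the installed sshd"
        elif bits == 0:
            findings[name] = "stream cipher"
        elif bits < min_block_bits:
            findings[name] = "%d-bit block" % bits
    return {"ciphers": ciphers, "findings": findings}


if __name__ == "__main__":
    result = audit(SAMPLE_SSHD_CONFIG)
    if result["ciphers"] is None:
        print("no Ciphers line: sshd defaults apply")
    else:
        print("enabled:", ", ".join(result["ciphers"]))
        for name, why in result["findings"].items():
            print("  %-14s %s" % (name, why))
```

    Run against the real file with `audit(open("/etc/ssh/sshd_config").read())`;
    an empty findings dict means every enabled cipher in the table has a
    128-bit block, and a None cipher list means the directive is absent and
    the defaults of the installed OpenSSH apply.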

