Re: AES128 key predictability
- From: Phil Carmody <thefatphil_demunged@xxxxxxxxxxx>
- Date: Tue, 29 Apr 2008 04:27:25 +0300
Derek Fountain <nomail@xxxxxxxxxxxxxxx> writes:
>> AES was designed such that even if the keys it used
>> successively were K, K+1, K+2, K+3, ..., there
>> would be no way of determining K,
>
> As I said in the original post, I'm suspicious of the device's entropy.
> I doubt the designer did something as daft as use a time-based key
> creation algorithm, but if he did, and analysis shows that pattern, a
> brute force might actually work.

With an unknown starting point, even using a time-based
key wouldn't show a weakness, for the same reason that a
simple counter with an unknown starting point would be
difficult to reverse engineer. In fact it would be harder,
because if you're using a contiguous sequence and are
supplying N samples, then there's a trivial attack of
complexity 2^192/N (which is still impractically huge)
that is guaranteed to succeed, whereas there's no equivalent
for something that's based on the time (unless you know
what its dependence on time is).
Forcing it to re-key at very short intervals might tell
you if it was time-based if you can get it to re-key to
exactly the same key.
Note, however, that I'm not an expert in this field, and
I gladly defer to others who know more.
Phil
--
Dear aunt, let's set so double the killer delete select all.
-- Microsoft voice recognition live demonstration
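
The strided search over a contiguous key sequence that the post describes, as an added example that is not part of the original message. It assumes the same known block is encrypted under each of the N keys, shrinks the key space to 24 bits so it finishes quickly, and uses truncated HMAC-SHA256 as a stand-in for the block cipher; all function names are hypothetical.

```python
import hashlib
import hmac

KEY_BITS = 24                    # constructed toy key space, small enough to search
PLAINTEXT = b"known plaintext!"  # constructed sample block, assumed known to the analyst


def prf(key: int, block: bytes) -> bytes:
    """Stand-in for a block cipher (assumption): HMAC-SHA256 keyed with the integer key."""
    return hmac.new(key.to_bytes(4, "big"), block, hashlib.sha256).digest()[:16]


def collect_samples(start_key: int, n: int) -> list[bytes]:
    """Device side: the same block encrypted under keys K, K+1, ..., K+n-1."""
    return [prf((start_key + i) % 2**KEY_BITS, PLAINTEXT) for i in range(n)]


def strided_search(samples: list[bytes]) -> tuple[int, int]:
    """Recover K by testing only every n-th key. Returns (K, trials).

    Any run of n consecutive keys contains exactly one multiple of n, so
    stepping through the key space in strides of n must land inside the
    run after at most 2**KEY_BITS / n trial encryptions.
    """
    n = len(samples)
    index = {c: i for i, c in enumerate(samples)}  # ciphertext -> offset from K
    trials = 0
    for candidate in range(0, 2**KEY_BITS, n):
        trials += 1
        hit = index.get(prf(candidate, PLAINTEXT))
        if hit is not None:
            # candidate == K + hit, so the starting key is candidate - hit
            return (candidate - hit) % 2**KEY_BITS, trials
    raise ValueError("no candidate matched; samples are not a contiguous key run")


if __name__ == "__main__":
    secret_start = 0x9A3F17  # constructed value standing in for the unknown K
    n = 4096
    key, trials = strided_search(collect_samples(secret_start, n))
    print(f"recovered K={key:#08x} in {trials} trials "
          f"(bound {2**KEY_BITS // n}, full space {2**KEY_BITS})")
```

The work factor falls linearly with the number of samples, which is why the same search against a full-size key space stays impractical for any realistic N.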