Re: A link to attempt of an attack on AES



On Nov 16, 10:58 am, Mok-Kong Shen <mok-kong.s...@xxxxxxxxxxx> wrote:
> Mok-Kong Shen wrote:
>
> http://eprint.iacr.org/2009/374.pdf
>
> is a paper by A. Biryukov et al., entitled 'Key recovery attacks of
> practical complexity on AES variants with up to 10 rounds'.
>
> In my 2nd post (15.11.2009) in the thread "Dynamic change of encryption
> keys" I argue that in my understanding such attacks, ingenious as they
> are, could nevertheless never be practically effective, if one can
> tolerate some additional processing cost and employs dynamic keys
> instead of using a single key to process a message. You are sincerely
> invited to give your comments and critiques there, if any.

We already had a past discussion about this when the attack was
published. It was commonly understood that the attack does not apply
to how most people use AES since related [chosen ones at that] keys
are not practical, and that any tampering with the stream would be
identified and the session terminated.

So the attack, while noteworthy and interesting, isn't really a threat.

Also, it's not polite to start multiple threads all over USENET when
you're not getting the attention you think you deserve. People don't
reply to you because, well, quite frankly, you're annoying and prone to
long, drawn-out discussions that involve no intellectual effort on your
part. There is little reward in others trying to share wisdom or
knowledge with you since you're impervious to new ideas or
information. If you want people to pay attention to you, reward their
effort and good will with a little professionalism.

Tom