Content deleted Content added
TommyGundam (talk | contribs) m take advantage of the "first" and "last" fields |
→External links: demo link added |
||
| (6 intermediate revisions by 6 users not shown) | |||
Line 16:
| cryptanalysis = Attacks have been published that are computationally faster than a full [[brute-force attack]], though none as of 2023 are computationally feasible.<ref name="aesbc">{{cite web |url=http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf |archive-url=https://web.archive.org/web/20160306104007/http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf |archive-date=March 6, 2016 |title=Biclique Cryptanalysis of the Full AES |access-date=May 1, 2019 |url-status=dead |df=mdy-all}}</ref>
For AES-128, the key can be recovered with a [[computational complexity]] of 2<sup>126.1</sup> using the [[biclique attack]]. For biclique attacks on AES-192 and AES-256, the computational complexities of 2<sup>189.7</sup> and 2<sup>254.4</sup> respectively apply. [[Related-key attack]]s can break AES-
Another attack was blogged<ref name="Bruce Schneier">{{cite web |url=http://www.schneier.com/blog/archives/2009/07/another_new_aes.html |title=Another New AES Attack |author=Bruce Schneier |date=2009-07-30 |work=Schneier on Security, A blog covering security and security technology |access-date=2010-03-11 |url-status=live |archive-url=https://web.archive.org/web/20091005183132/http://www.schneier.com/blog/archives/2009/07/another_new_aes.html |archive-date=2009-10-05}}</ref> and released as a [[preprint]]<ref>{{cite web |url=https://eprint.iacr.org/2009/374 |title=Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds |author=Alex Biryukov |author2=Orr Dunkelman |author3=Nathan Keller |author4=Dmitry Khovratovich |author5=Adi Shamir |date=2009-08-19 |access-date=2010-03-11 |archive-url=https://web.archive.org/web/20100128050656/http://eprint.iacr.org/2009/374 |archive-date=28 January 2010 |url-status=live}}</ref> in 2009. This attack is against AES-256 that uses only two related keys and 2<sup>39</sup> time to recover the complete 256-bit key of a 9-round version, or 2<sup>45</sup> time for a 10-round version with a stronger type of related subkey attack, or 2<sup>70</sup> time for an 11-round version.
Line 185:
The Cryptographic Algorithm Validation Program (CAVP)<ref>{{cite web |url=http://csrc.nist.gov/groups/STM/cavp/index.html |title=NIST.gov – Computer Security Division – Computer Security Resource Center |publisher=Csrc.nist.gov |access-date=2012-12-23 |url-status=live |archive-url=https://web.archive.org/web/20130102044410/http://csrc.nist.gov/groups/STM/cavp/index.html |archive-date=2013-01-02}}</ref> allows for independent validation of the correct implementation of the AES algorithm. Successful validation results in being listed on the NIST validations page.<ref>{{cite web |url=http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm |title=Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules |url-status=dead |archive-url=https://web.archive.org/web/20141226152243/http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm |archive-date=2014-12-26 |access-date=2014-06-26}}</ref> This testing is a pre-requisite for the FIPS 140-2 module validation. However, successful CAVP validation in no way implies that the cryptographic module implementing the algorithm is secure. A cryptographic module lacking FIPS 140-2 validation or specific approval by the NSA is not deemed secure by the US Government and cannot be used to protect government data.<ref name="cnss.gov"/>
FIPS 140-2 validation is challenging to achieve both technically and fiscally.<ref name="openssl">{{cite web |author=OpenSSL, openssl@openssl.org |url=http://openssl.org/docs/fips/fipsnotes.html |title=OpenSSL's Notes about FIPS certification |publisher=Openssl.org |access-date=2012-12-23 |url-status=dead |archive-url=https://web.archive.org/web/20130102203126/http://www.openssl.org/docs/fips/fipsnotes.html |archive-date=2013-01-02}}</ref> There is a standardized battery of tests as well as an element of source code review that must be passed over a period of a few weeks. The cost to perform these tests through an approved laboratory can be significant (e.g., well over
== Test vectors ==
Line 225:
* [http://www.formaestudio.com/rijndaelinspector/archivos/Rijndael_Animation_v4_eng.swf Animation of Rijndael] – AES deeply explained and animated using Flash (by Enrique Zabala / University ORT / Montevideo / Uruguay). This animation (in English, Spanish, and German) is also part of [[CrypTool|CrypTool 1]] (menu Indiv. Procedures → Visualization of Algorithms → AES).
* [https://formaestudio.com/rijndaelinspector/archivos/Rijndael_Animation_v4_eng-html5.html HTML5 Animation of Rijndael] – Same Animation as above made in HTML5.
* [https://infsec.de/aes-in-excel-eng/ AES Demo in Excel] - Example implementation and demonstration in Excel (without macros) by Tim Wambach.
{{Cryptography navbox | block}}
| |||