Cryptographic researchers have uncovered a chink in the armour of the widely used AES algorithm. The attacks pose no immediate threat to the security of AES, but they do illustrate a technique for extracting keys that is better than simply trying every possible key combination. Instead of such a brute force approach, the …
"Cryptographic researchers have uncovered a chink in the armour of the widely used AES algorithm."
That's an incredibly offensive way to describe a Chinese hacker...
"(ironically on a page that harbors a digital certificate problem)"
Yup: ssl_error_bad_cert_domain. That's superb!
Idiot browsers and general incomptence.
"ironically on a page that harbors a digital certificate problem"
Cryptographically it's fine, it's just created for a different site. If it's your bank you should care, otherwise - who gives a damn. You'd hope a tech blog talking about cryptographic algorithms would engage brain before reading what their IE install says, but oh well.
As for the who cares guy, cryptographic algorithm strength is measured in the time it would take the world's most powerful supercomputers to break them, as soon as you find weaknesses in them they're technically worthless. There's also a chance that this one weakness could lead to others or be a more serious problem in another algorithm - so it's not like you can put your fingers in your ears and lalalala I'm not listening!
Of course he'd say that. It's in his best interests to protect the myth of AES.
Did you actually read the article? Do you even know who Bruce is? You've just repeated almost word for word what he said and then are saying he's putting his fingers in his ears.
Interesting interpretation. You sir are the fail
GET THE FACTS BEFORE YOU TRY TO WRITE ABOUT THEM
#1MD6 has not been withdrawn. You can read that from the MD6 web page here: http://groups.csail.mit.edu/cis/md6/ :
"We are not withdrawing our submission; NIST is free to select MD6 for further consideration in the next round if it wishes."
#2 The problem with MD6 was not performance, it was instead a recognition that there was a problem in their security proofs. As stated in the website:
"But at this point MD6 doesn't meet our own standards for what we believe should be required of a SHA-3 candidate, and we suggest that NIST might do better looking elsewhere. In particular, we feel that a minimum 'ticket of admission' for SHA-3 consideration should be a proof of resistance to basic differential attacks, and we don't know how to make such a proof for a reduced-round MD6."
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update
- Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
- OK, we get the message, Microsoft: Windows Defender splats 1000s of WinXP, Server 2k3 PCs
- Spanish village called 'Kill the Jews' mulls rebranding exercise
- NASA finds first Earth-sized planet in a habitable zone around star