Is it possible to reverse engineer AES256?

B

9

13

Imagine I have this:

$cdata = AES_256($data, $pass);

AES_256 implements the AES algorithm.

If I know the content of $cdata and the content of $data and also have the AES_256() code, can I reverse engineer and find $pass?

Bernadettebernadina answered 1/5, 2009 at 7:40 Comment(4)

You're going to need alot of paper and pens – Molecular 1/5, 2009 at 8:7

Just a matter of wording: Reverse engineering AES would give you the AES algorithm. You already know that algorithm. What you are asking is called "breaking AES". – Body 1/5, 2009 at 9:23

Yes, of course, given sufficient time. :-) – Thomasinethomason 20/6, 2011 at 4:0

I found a related answer on security.stackexchange.com regarding known-plaintext with AES which may be helpful. – Roseroseann 4/9, 2012 at 15:59

G

15

Simple answer: NO.

This has been tested, and mentioned in the Wiki link.

A related-key attack can break up to 9 rounds of 256-bit AES. A chosen-plaintext attack can break 8 rounds of 192- and 256-bit AES, and 7 rounds of 128-bit AES, although the workload is impractical at 2¹²⁸ - 2¹¹⁹.

Or put it another way: you have a better chance of being struck by lighting... on the same day you win the Lottery, than breaking it!

Gangster answered 1/5, 2009 at 8:11 Comment(4)

"break up to 9 rounds of 256-bit AES" What is a "round" in this definition? – Bernadettebernadina 3/5, 2009 at 17:32

Block ciphers scrambles the message repeatedly using the same algorithm. A single "pass" of scrambling is called a "round". How many rounds are needed create a secure algorithm depends on how much a single round scrambles the input. AES-256 uses 14 rounds. – Chaunce 9/3, 2011 at 13:1

@Chaunce I get what a 'round' is for AES and in the context of an encryption algorithm but what does it mean when something says when "an attack can break up to x rounds..."? – Dam 5/8, 2011 at 5:43

This means, if you only use x rounds of the algorithm, there is an attack less complex than brute force to retrieve the plaintext. – Chaunce 29/6, 2012 at 14:0

S

13

This is called a known-plaintext attack. A good cipher like AES should be immune to it, as the others explained.

Selfmade answered 1/5, 2009 at 8:44 Comment(0)

I

4

If $pass is actually a password and not a 256-bit key, you may be in luck.

While it is far from trivial to perform, a brute-force attack against a normal password is much faster than brute-forcing a 256-bit key.

So modify one of the many password-brute-forcing tools, and you have a attack that (depending on the strength of the password) might take weeks to several years - but that is fast compared to 3x10^51 years...

Insensible answered 1/5, 2009 at 9:17 Comment(0)

M

3

Another quote, from Wikipedia:

AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. A device that could check a billion billion (10^18) AES keys per second would require about 3 x 10^51 years to exhaust the 256-bit key space.

Brute forcing when you know the original text might be faster but still, 3 x 10^51 years is a long time. Plus there's the problem of probably not having a device that can check a billion billion (10^18) keys/second.

In short: everything is possible, but this is not feasible in the world we are now living in.

Monomorphic answered 1/5, 2009 at 8:52 Comment(0)

A

2

You could brute force it, but it would take a long time. As in decades or even longer. That's the point of encryption algorithms like AES.

Ansate answered 1/5, 2009 at 7:44 Comment(2)

The duration you are looking for is not "decades". It's more like "heat death of the universe". – Conspiracy 19/5, 2009 at 18:20

@Conspiracy and in 20-30 years I'm sure we'll be laughing about how trivial it is to break AES 256 and current encryption uses megabyte keys to keep up with computers. – Hilde 16/11, 2009 at 19:5

T

1

AES, like all good crypto algorithms, doesn't rely on security through obscurity.

In other words, there are no "secrets" in the code, so you having the code won't help you particularly.

Known plaintext is a separate issue, which I don't know much about so I'll leave that up to the other answerers.

Timeserver answered 1/5, 2009 at 9:21 Comment(0)

T

0

Of course not - the only approach is brute force. Do you really think NIST is so stupid as to choose a cipher that is so easily cracked for a new standard?

Turbulence answered 1/5, 2009 at 7:47 Comment(0)

A

0

with the power of super computers the time to crash AES encryption with be dramatically shortened.... I heard...

Arda answered 16/11, 2010 at 21:24 Comment(0)

O

0

2x2^256 possible combinations is a lot to bruteforce. But bruteforcing is the only way. It would actually take about 3 decades. AES is the best Encryption possible right now I'd say. But that would only take that much time using a CPU. Because GPU's (Graphic Processing Units) are strictly math based, people have been making programs that only use the GPU to crack math based algorithms much more quickly than a CPU could. In other words AES might not last 3 decades. If only eternity codes were possible. Well looks like dynamic encryption may be the only way people can really hide their information in the near future.

Osculation answered 20/6, 2011 at 3:21 Comment(1)

Three decades?! You can't even count to 2^192 in three decades if you used the entire output power of the Sun with an ideal computer. "If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter." This means that it would take 59,029,581,035,870,565,171 decades with all that computing power just to count to 2^256. – Tagliatelle 29/3, 2016 at 7:20

Recommended topics

Hot tags