Is AES encryption vulnerable?

Question

I was reading weaknesses in AES encryption. Unfortunately, I have a website that uses AES: Its database is almost entirely AES encrypted.

Is there a real threat? Would it be worth to refactor the web site's implementation?

Not the exact question, but yours is already answered there [Are there limits (or, what are the limits) to our understanding of AES's resistance to known plaintext attacks?](http://security.stackexchange.com/questions/54400/are-there-limits-or-what-are-the-limits-to-our-understanding-of-aess-resista) — Adi, May 08 '14 at 13:45
If AES is weak,which is the encryption algorithm you consider strong to implement on your website ? — techno, May 09 '14 at 03:14
"To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key." — Stephen Touset, Feb 28 '17 at 21:31

score 9 · Answer 1 · answered May 08 '14 at 13:48

Technically "cracked" only means that a method was found that reduces guessing from random guesses to slightly less than random guesses. The flaw that was discovered is one such minor crack. A perfect crypto-system would require making 2^127th guesses on average to crack a 128 bit key. The attack against AES allows it to be done on average in 2^125.1th guesses. Sure, it is over 1/4 faster, but 1/4 of now to the heat death of the universe is still far longer than we need to worry about.

And if you are truly worried, up the bit depth of your key and it's even more unlikely to be cracked. This is basically what the approach is for when 3DES is still used. There are significant compromises against DES, but upping the key length and using 3 DES operations back to back results in preserving a relatively secure algorithm out of something that has actual significant weaknesses to cryptanalysis.

score 1 · Answer 2 · edited Mar 17 '17 at 10:46

The biclique attack only has a small advantage over brute-force cracking.

From Wikipedia, the free encyclopedia

Attacks have been published that are computationally faster than a full brute force attack, though none as of 2013 are computationally feasible: For AES-128, the key can be recovered with a computational complexity of 2^126.1 using the biclique attack. For biclique attacks on AES-192 and AES-256, the computational complexities of 2^189.7 and 2^254.4 respectively apply. [More...]

In other words, if your concerns regarding security are very high, you could upgrade to AES-256 (if you're not using this AES variety already).

Also see this answer by Lucas Kaufmann and this one by Tom Leek.

score -1 · Answer 3 · edited Nov 04 '19 at 19:54

-1

AES is vulnerable to brute force attack and MITM attack. To make AES more secure, the keysize can be increased but this will not eliminate Brute force(BF) attack, it will only increase the time of computation required.

However, there are new techniques integrated with AES to make it resistant to BF attack e.g honey encryption where the attacker is deceived to believe an unsuccessful attempt was successful.

edited Nov 04 '19 at 19:54

schroeder

123,438
55
284
319

answered Nov 04 '19 at 19:47

FakihaKhan

54
2

How is it vulnerable to MITM? Did you mean "meet in the middle"? – schroeder Nov 04 '19 at 19:53
because AES is symmetric cipher, it can break with biclique attack(MITM) attack though it will take considerable amount of time – FakihaKhan Nov 04 '19 at 20:06
Yes, that's meet in the middle – schroeder Nov 04 '19 at 21:15
1

I'm not seeing how you've added to the other answers. You appear to be repeating them. – schroeder Nov 04 '19 at 21:16

Is AES encryption vulnerable?

3 Answers3

Linked