AES hacking

AES hacking

am 28.11.2007 21:29:15 von sokrAtes

Hello,

I=B4m trying to get me into AES. I don=B4t know whether I understand it
right, but I think there is an input string and a key which is passed
to the encryption algorithm. Then I get back the encrypted string. To
decrypt it, I have to supply the key and the encrypted string.

Now, how do I find out the key if I have an input value, and an output
value (in fact, I can generate more and with any content)?
Are there tools or Ruby/Perl/Python/PHP snippets that let me do this?
Or, just give me some theoretical info.

Thanks!
sokrAtes

Re: AES hacking

am 28.11.2007 22:46:33 von Sebastian Gottschalk

sokrAtes wrote:


> Now, how do I find out the key if I have an input value, and an output
> value (in fact, I can generate more and with any content)?


Since AES is secure so far, your best chance to simply try all possible
keys. Since they're so many (2^keylength), this is infeasible.

> Are there tools or Ruby/Perl/Python/PHP snippets that let me do this?


Sure, it's trivial to write.

Re: AES hacking

am 30.11.2007 16:49:05 von sokrAtes

On 28 Nov., 22:46, "Sebastian G." wrote:
> Sure, it's trivial to write.

Can you point me to an adress where I can find information on how to
do it?
I=B4m not finding anything useful when searching with $searchengine$...

Re: AES hacking

am 30.11.2007 18:42:19 von SafeBoot Simon

On Nov 30, 10:49 am, sokrAtes wrote:
> On 28 Nov., 22:46, "Sebastian G." wrote:
>
> > Sure, it's trivial to write.
>
> Can you point me to an adress where I can find information on how to
> do it?
> I=B4m not finding anything useful when searching with $searchengine$...

As Sebastian says, given the input and output, the only way to derive
the key is to try every single one, so what you need to do is
IMPLEMENT aes encryption, then try every key.

of course, it's going to take you until the end of the universe to do
that, so why bother starting?

S.

Re: AES hacking

am 30.11.2007 20:14:56 von sokrAtes

On 30 Nov., 18:42, SafeBoot Simon wrote:
> end of the universe

Now, what if the key is 10 chars long...
They would be 2^10 = 1024 possible keys, which is not really much to
try out.

Re: AES hacking

am 30.11.2007 23:00:40 von Sebastian Gottschalk

sokrAtes wrote:

> On 30 Nov., 18:42, SafeBoot Simon wrote:
>> end of the universe
>
> Now, what if the key is 10 chars long...
> They would be 2^10 = 1024 possible keys, which is not really much to
> try out.


Excuse me, I though you meant 2^(10*ld(possible chars)), so typically this
turns out to be 2^60, which still is a lot.

Re: AES hacking

am 05.12.2007 14:01:44 von SafeBoot Simon

On Nov 30, 5:00 pm, "Sebastian G." wrote:
> sokrAtes wrote:
> > On 30 Nov., 18:42, SafeBoot Simon wrote:
> >> end of the universe
>
> > Now, what if the key is 10 chars long...
> > They would be 2^10 = 1024 possible keys, which is not really much to
> > try out.
>
> Excuse me, I though you meant 2^(10*ld(possible chars)), so typically this
> turns out to be 2^60, which still is a lot.

I think AES only works at 128 bit minimum keys, so even 2^60's not
going to help...

Re: AES hacking

am 05.12.2007 15:08:31 von Sebastian Gottschalk

SafeBoot Simon wrote:


> I think AES only works at 128 bit minimum keys, so even 2^60's not
> going to help...


We're talking about a reduced keyspace with an efficient key preprocessing.