View unanswered posts View active topics


Forum Home  Board index    Tell Us What You Think    Feedback





Post new topic Reply to topic  Page 1 of 1
  [ 3 posts ] 
forumtools   forumtools

Interesting AES Article

Author Message
Julian
 Post subject: Interesting AES Article
PostPosted: Thu Aug 06, 2009 2:19 pm 
Offline

Joined: Thu Nov 27, 2008 5:48 pm
Posts: 153
I wasn't sure whether to post this in the "Off Topic" sub-forum but it does relate to AES, which is what LastPass uses, so I thought I'd put it here.

My post is definitely intended to be for interest though, not a complaint or attempt at a scare that LastPass is using unsecure technology, because even the cryptographer quoted (Bruce Schneier) says that this new exploit is strong enough to be "almost practical" (i.e. not actually practical) but it's still somewhat interesting.

One quote from the article is: "One technique against the 11-round version of the cipher can be completed in 2^70 operations" I doubt that anyone short of the NSA has much chance of completing 2^70 operations in any sensible time but what is this "11-round version"? What version of AES (how many rounds) does LastPass use?

Here's the article: http://www.theregister.co.uk/2009/08/03 ... to_attack/

- Julian
Top
 Profile  
 
 
 
JoeSiegrist
 Post subject: Re: Interesting AES Article
PostPosted: Thu Aug 06, 2009 3:16 pm 
Offline

Joined: Wed Aug 20, 2008 10:40 am
Posts: 3374
It's definitely looks like an interesting attack, though doesn't look to be in any way practical for use against your data stored in LastPass:

from article wrote:
Related-key attacks require a message to be encrypted with one key that is later changed to one or more different keys. It's usually hard for an outsider to control what keys get used, so the technique is considered hard to carry out under real-world settings.


Bruce Schneier wrote:
There are three reasons not to panic:
- The attack exploits the fact that the key schedule for 256-bit version is pretty lousy -- something we pointed out in our 2000 paper -- but doesn't extend to AES with a 128-bit key.
- It's a related-key attack, which requires the cryptanalyst to have access to plaintexts encrypted with multiple keys that are related in a specific way.
- The attack only breaks 11 rounds of AES-256. Full AES-256 has 14 rounds.


Your key only changes when you change your email/master password... and since SHA-256 is used to create the key your key won't be related. It is definitely surprising that this only impacts the 256-bit key version of AES (which is what LastPass uses), but also LastPass doesn't don't know the plain text, and LastPass is using all 14 rounds of AES which isn't impacted.

Joe
Top
 Profile  
 
 
 
benphane
 Post subject: Re: Interesting AES Article
PostPosted: Thu Aug 06, 2009 4:35 pm 
Offline

Joined: Tue Mar 10, 2009 2:59 am
Posts: 19
Thanks for the detailed response. Saved me from a ton of googling that I would never get to. As indicated in the initial post, this isn't even a slightly real world threat. With regard to lastpass, it seems one would have to have lost their entire computing environment along with some extensive data history that shouldn't even exist. In such a case, lastpass would probably be the least worrisome thing going on. :o

_________________
lastpass 1.51.3 / Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) kernel-2.6.31-rc5 // KDE 4.3 Firefox/3.0.13

Top
 Profile  
 
 
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 3 posts ] 

Forum Home  Board index    Tell Us What You Think    Feedback



Who is online

 

Users browsing this forum: Google Feedfetcher and 2 guests
 

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

 
Jump to:  

yukari
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group

© LastPass 2010