Attacks always get better; they never get worse – National Security Agency (NSA)

In this note the authors present the first attack with feasible complexity on 13-round AES-256 (the full cipher has 14 rounds). The attack runs in the related-subkey scenario with four related keys, in 2^{76} time, data, and memory.

It is still far from a practical attack on the full cipher, but it is another reminder that proper cryptographic hygiene matters. A related-key attack assumes the attacker can obtain encryptions under keys with a known difference, and that is exactly what a scheme hands over when its keys are made by "xoring with a constant" (or a counter). Each key must instead be derived with a proper key derivation function (KDF), so that no algebraic relation between the keys is known to anyone.
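The difference between the two derivation patterns, as an added example (this code is not from the note or from the blog author): the four "related" keys are built once by XOR with constants and once with HKDF-SHA256 (RFC 5869, implemented here on the standard library). The XOR-derived keys have pairwise differences that are the same for every master key, so an attacker knows them without knowing the key, which is the precondition of the related-key model; the HKDF-derived keys have differences that depend on the master and look random. The constants, labels and master keys are constructed for the example.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): OKM = T(1) || T(2) || ...,
    T(i) = HMAC-SHA256(PRK, T(i-1) || info || i), truncated to `length` bytes."""
    okm, t = b"", b""
    for i in range(1, -(-length // 32) + 1):  # ceil(length / HashLen) blocks
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm += t
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xor_derived_keys(master: bytes, constants) -> list:
    """The pattern criticised above: K_i = master XOR c_i."""
    return [xor(master, c) for c in constants]


def kdf_derived_keys(master: bytes, labels, salt: bytes = b"") -> list:
    """K_i = HKDF-SHA256(master, info=label_i): independent-looking 256-bit keys."""
    return [hkdf(master, salt, label, 32) for label in labels]


def pairwise_differences(keys) -> dict:
    """XOR differences of every key pair: the quantity a related-key attacker must know."""
    return {(i, j): xor(keys[i], keys[j])
            for i in range(len(keys)) for j in range(i + 1, len(keys))}


# Constructed inputs (assumptions for the example): four derivation constants/labels.
CONSTANTS = [bytes([i]) * 32 for i in range(1, 5)]   # 0x0101..., 0x0202..., ...
LABELS = [b"purpose:%d" % i for i in range(1, 5)]


def demo(master: bytes):
    """Return (differences of XOR-derived keys, differences of HKDF-derived keys)."""
    weak = pairwise_differences(xor_derived_keys(master, CONSTANTS))
    strong = pairwise_differences(kdf_derived_keys(master, LABELS))
    return weak, strong


if __name__ == "__main__":
    for master in (bytes(range(32)), bytes(range(32, 64))):
        weak, strong = demo(master)
        print("XOR-derived  K0^K1 =", weak[(0, 1)].hex()[:16], "... (same for every master)")
        print("HKDF-derived K0^K1 =", strong[(0, 1)].hex()[:16], "... (depends on master)")
```

Running it with two different master keys prints identical XOR-derived differences (0x0303... in both cases) and unrelated HKDF-derived ones. The labels in `info` are what keep the derived keys separated by purpose; the salt may be empty, in which case HKDF uses a string of zero bytes as the HMAC key.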

While speaking about cryptographic hygiene, let me remind everyone that the CBC mode of operation requires an unpredictable (random) IV, and "the previous one plus 1" is not unpredictable: an attacker who knows the next IV in advance can choose plaintexts that test guesses about blocks encrypted earlier under the same key.
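What a predictable IV costs, as an added example (not from the original post): a CBC encryption service that uses "previous IV + 1" is queried by an attacker to recover a secret first plaintext block. If the victim's block was C = E(P XOR IV_t) and the attacker knows the next IV_n, submitting g XOR IV_t XOR IV_n as a plaintext yields E(g XOR IV_t) as the first ciphertext block, which equals C exactly when the guess g is right. The same attack against a service with random IVs fails. To stay on the standard library, a keyed PRF (HMAC-SHA256 truncated to 16 bytes) stands in for the AES block function; this is an assumption of the example, and it is harmless because the attack only compares ciphertext blocks for equality. The key, IV and secret are constructed.

```python
import hashlib
import hmac
import os

BLOCK = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Assumption: keyed PRF as a stand-in for AES-128/256's block function.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Plain CBC chaining; plaintext length must be a multiple of BLOCK (no padding)."""
    assert len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


class CounterIvOracle:
    """Encryption service whose next IV is the previous IV plus one."""

    def __init__(self, key: bytes, first_iv: bytes):
        self.key = key
        self.counter = int.from_bytes(first_iv, "big")

    @property
    def last_iv(self) -> bytes:
        return ((self.counter - 1) % (1 << (8 * BLOCK))).to_bytes(BLOCK, "big")

    def encrypt(self, plaintext: bytes):
        iv = self.counter.to_bytes(BLOCK, "big")
        self.counter = (self.counter + 1) % (1 << (8 * BLOCK))
        return iv, cbc_encrypt(self.key, iv, plaintext)


class RandomIvOracle:
    """Same service, but every IV is a fresh random value."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_iv = os.urandom(BLOCK)

    def encrypt(self, plaintext: bytes):
        self.last_iv = os.urandom(BLOCK)
        return self.last_iv, cbc_encrypt(self.key, self.last_iv, plaintext)


def predict_next_iv(oracle) -> bytes:
    """Attacker's model of the service: the next IV is the last one plus one."""
    n = (int.from_bytes(oracle.last_iv, "big") + 1) % (1 << (8 * BLOCK))
    return n.to_bytes(BLOCK, "big")


def recover_first_block(oracle, target_iv: bytes, target_block: bytes, candidates):
    """Chosen-plaintext test of each candidate for the block behind target_block."""
    for guess in candidates:
        probe = xor(xor(guess, target_iv), predict_next_iv(oracle))
        _, ct = oracle.encrypt(probe)
        # If the IV prediction held: E(probe XOR iv) == E(guess XOR target_iv).
        if ct[:BLOCK] == target_block:
            return guess
    return None


SECRET = b"PIN=4821;pad=000"   # constructed 16-byte secret the victim encrypts


def run_attack(mode: str):
    key = bytes(range(32))                      # constructed key
    if mode == "counter":
        oracle = CounterIvOracle(key, bytes.fromhex("00" * 15 + "10"))
    else:
        oracle = RandomIvOracle(key)
    # Victim's message: the attacker sees the IV and the ciphertext.
    iv_t, ct = oracle.encrypt(SECRET + b"trailing block!!")
    candidates = (b"PIN=%04d;pad=000" % p for p in range(10000))
    return recover_first_block(oracle, iv_t, ct[:BLOCK], candidates)


if __name__ == "__main__":
    print("counter IV:", run_attack("counter"))   # recovers the secret block
    print("random IV: ", run_attack("random"))    # None: prediction never holds
```

Ten thousand oracle queries recover the PIN against the counter-IV service; against the random-IV service the same queries return nothing, because the prediction in `predict_next_iv` is wrong every time. This is the mechanism behind the BEAST-class attacks on TLS 1.0's chained IVs, and the reason every CBC IV must be fresh and unpredictable to the attacker before the message is encrypted.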
