Learn, hack!

URL

https://media.blackhat.com/bh-ad-11/Aumasson/bh-ad-11-Aumasson-CryptanalysisVSReality_WP.pdf

File name

bh-ad-11-Aumasson-CryptanalysisVSReality_WP.pdf

File size

167.7 KB

MD5

bb02d1d2c81c28b96ae8d00fbfd905ac

SHA1

9c5048c7d8351857af5e3a1f4c5ce29636f2d6e4

It is commonplace to argue that academic cryptanalysis---whose "attacks" literally take billions of years to complete---has no relevance whatsoever to actual security, for real-world failures of crypto are most often due to: Side-channel leakage (padding oracle attacks, etc.) Attacks on the implementation (key extraction through fault attacks, etc.) Complete bypass (after theft of keys à la DigiNotar, etc.) Nevertheless, a number of new cryptanalytic attacks have appeared these last years with various degrees of sophistication and of objectives, from complex key-recovery attacks to efficient-yet-cryptical "distinguishingers". To better understand the risk (or absence thereof), this talk will go through technical subtleties of state-of-the-art cryptanalysis research, which we'll illustrate with concrete field examples. The topics discussed include related-key attacks, cube attacks, the real security of AES, the case of pay-TV encryption, or the risk of using SHA-1, SHA-2, or the future SHA-3. Finally, we will present a recent attempt to bridge theory and practice, with an introduction to leakage-resilient cryptography.