An interesting thing about some modern standardized ciphers, like AES, is that the government is “eating its own dogfood” by using them internally. (AES 192 and 256 are approved for top-secret data.) Back in the day (up through the 90s), U.S. government internal encryption standards were not closely aligned with public sector cryptography, and we largely had to speculate as to whether public crypto could hold up to the government standards; the NSA had a history of knowing more crypto than they let on. But now that they are willing to stake their own security on them, that seems like a decent endorsement of those algorithms.
The U.S. government has conflicting goals: they want to be able to break crypto, but at the same time, in the interest of protecting the citizen in the digital age, they want us to be protected against the crypto attacks of others. So much of our modern economy relies on crypto that we want a high security margin on it. Since the 90s, crypto knowledge in the public and foreign intelligence domains has skyrocketed, and a vulnerability that the NSA can exploit is possibly a vulnerability that someone else can exploit. So at the drafting of AES, we doubt that they were focused on choosing a candidate that could be broken and kind of suspect they wanted a candidate that could not be.
Since you only break crypto when you don’t have the key, to compromise those two goals they could just allow us mathematically secure crypto, then focus on getting the keys instead. If they can recover keys, they don’t care how strong our crypto is. Attacking the endpoints that generate the keys is not always as hard as it seems (consider how many user and corporate machines get infected with malware, and think about what sort of key-related backdoors could be planted in popular software), and a simple subpoena might get keys in some situations. As more user data moves toward the cloud, backdoors in public services (voluntarily provided or not) are going to make the job of key recovery even easier.
Summary of these two points:
The federal government is allowed to use AES for top-secret information.
We don’t know that they would actually want AES to be mathematically breakable, so at the AES competition 11 years ago it is possible they would have avoided any algorithm they thought they could break in the near future.
None of that is proof, but we tend to assume that the NSA can’t break AES.
View original post here:
encryption – How secure is AES-256? – Cryptography Stack …