Researchers Find Flaw in Advanced Encryption Standard (AES). Don't Panic Yet.

Researchers at a K.U.Leuven university in Belgium have identified flaws in AES, the encryption algorithm used by hundreds of millions users worldwide securing everything from ecommerce transactions using SSL to file encyrption tools including the popular BitLocker on PCs and FileVault on Mac OS X.

Researchers Andrey Bogdanov, Dmitry Khovratovich and Christian Rechberger came up with a clever new attack that can recover the secret key four times easier then previously thought.

This institution has form having been involved in the development of the original algorithm, Rijndael which was launched by AES (Advanced Encryption Standard) in November 2001.

But don't panic yet, some serious computer processing muscle is required to crack the code, as the researchers point out,

"Even with the new attack, the effort to recover a key is still huge: the number of steps to find the key for AES-128 is an 8 followed by 37 zeroes. To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key. Note that large corporations are believed to have millions of machines, and current machines can only test 10 million keys per second."

Two billion years is a long time, although if you believe Moore's Law - processing power will double every two years - perhaps it's not so long before new encryption tools are needed.

Photo (cc) J Brew.