http://web.mit.edu/newsoffice/2013/encryption-is-less-secure-than-we-thought-0814.html
> Encryption is less secure than we thought
>
> For 65 years, most information-theoretic analyses of cryptographic systems
> have made a mathematical assumption that turns out to be wrong.
>
> The problem, Médard explains, is that information-theoretic analyses of
> secure systems have generally used the wrong notion of entropy. They relied
> on so-called Shannon entropy, named after the founder of information theory,
> Claude Shannon, who taught at MIT from 1956 to 1978.
>
> Shannon entropy is based on the average probability that a given string of
> bits will occur in a particular type of digital file. In a general-purpose
> communications system, that’s the right type of entropy to use, because the
> characteristics of the data traffic will quickly converge to the statistical
> averages. Although Shannon’s seminal 1948 paper dealt with cryptography, it
> was primarily concerned with communication, and it used the same measure of
> entropy in both discussions.
>
> But in cryptography, the real concern isn’t with the average case but with
> the worst case. A codebreaker needs only one reliable correlation between the
> encrypted and unencrypted versions of a file in order to begin to deduce
> further correlations. In the years since Shannon’s paper, information
> theorists have developed other notions of entropy, some of which give greater
> weight to improbable outcomes. Those, it turns out, offer a more accurate
> picture of the problem of codebreaking.
>
> When Médard, Duffy and their students used these alternate measures of
> entropy, they found that slight deviations from perfect uniformity in source
> files, which seemed trivial in the light of Shannon entropy, suddenly loomed
> much larger. The upshot is that a computer turned loose to simply guess
> correlations between the encrypted and unencrypted versions of a file would
> make headway much faster than previously expected.
>
> “It’s still exponentially hard, but it’s exponentially easier than we
> thought,” Duffy says. One implication is that an attacker who simply relied
> on the frequencies with which letters occur in English words could probably
> guess a user-selected password much more quickly than was previously thought.
> “Attackers often use graphics processors to distribute the problem,” Duffy
> says. “You’d be surprised at how quickly you can guess stuff.”

--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:[email protected]
aim://kimholburn  skype://kholburn
PGP Public Key on request

_______________________________________________
Link mailing list
[email protected]
http://mailman.anu.edu.au/mailman/listinfo/link
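The article's point, that a source only slightly off uniform looks almost ideal under Shannon entropy yet is markedly easier to guess in the worst case, can be checked numerically. The following Python is an added illustration, not code from the article or from Médard and Duffy's work; it assumes a two-symbol i.i.d. source with bias p, counts exactly how much probability mass an attacker who guesses strings in decreasing-probability order captures with k guesses, and compares that with a Shannon-style "typical set" estimate (a simplification chosen for this example) that treats the 2^(nH) typical strings as equiprobable.

```python
import math


def shannon_entropy(p: float) -> float:
    """Average-case entropy (bits per symbol) of a two-symbol source
    that emits one symbol with probability p and the other with 1 - p."""
    return -sum(q * math.log2(q) for q in (p, 1.0 - p) if q > 0.0)


def min_entropy(p: float) -> float:
    """Worst-case entropy: -log2 of the single most probable symbol,
    i.e. the only term that matters for an attacker's first guess."""
    return -math.log2(max(p, 1.0 - p))


def optimal_guess_success(p: float, n: int, k: int) -> float:
    """Exact probability that an attacker who tries n-symbol strings in
    decreasing-probability order finds the secret within k guesses.
    For a two-symbol i.i.d. source a string's probability depends only on
    how many copies w of the likelier symbol it holds, so the optimal order
    is w = n, n-1, ..., and comb(n, w) strings share each probability level."""
    hi = max(p, 1.0 - p)
    lo = 1.0 - hi
    remaining, success = k, 0.0
    for w in range(n, -1, -1):
        level_size = math.comb(n, w)
        prob_each = hi ** w * lo ** (n - w)
        taken = min(level_size, remaining)
        success += taken * prob_each
        remaining -= taken
        if remaining == 0:
            break
    return success


def typical_set_estimate(p: float, n: int, k: int) -> float:
    """Shannon-style estimate (an assumption of this example, not the
    paper's method): treat the ~2^(nH) typical strings as equiprobable,
    so k guesses succeed with probability about k / 2^(nH)."""
    return min(1.0, k / 2.0 ** (n * shannon_entropy(p)))


if __name__ == "__main__":
    # Constructed example: a 60/40 bias, 32 symbols, about one million guesses.
    p, n, k = 0.6, 32, 2 ** 20
    print(f"H = {shannon_entropy(p):.3f} bits, H_min = {min_entropy(p):.3f} bits")
    print(f"typical-set estimate of success: {typical_set_estimate(p, n, k):.2e}")
    print(f"exact success, optimal guessing:  {optimal_guess_success(p, n, k):.2e}")
```

With p = 0.6 the Shannon entropy drops only from 1.000 to 0.971 bits per symbol, yet the exact success probability after 2^20 guesses is roughly eighteen times the typical-set estimate, and the gap widens as n grows; with p = 0.5 the two agree exactly.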
