Uncle Sam publishes an extraordinary quantity of data, much of which is difficult for an average person to assimilate. Today I stumbled upon MetricMash, an wonderful website for exploring a handful of important public data sets.
The tools are fully interactive, which means no settings the parameters and clicking refresh on the graph. You drag the sliders, and while you drag the graph changes. It looks like they use amCharts and Tableau to power their site.
Yesterday I saw Matt Drance’s post about webkit turning ten. He omitted one important fact, and mis-stated another.
First, WebKit does not power “nearly every relevant browser and engine used today”. WebKit does have the mobile space locked up: Android, iOS and WebOS all use WebKit for their mobile browsers. Windows Phone 7 does not. However, on the desktop, WebKit is a distant third. Trident (the IE rendering engine), and Gecko (the Firefox rendering engine) both have a larger share of users than WebKit. Matt’s statement is misleading at best.
Secondly, there was no mention at all of where WebKit came from. It was not born in Cupertino. WebKit was forked from KHTML and KJS, part of the KDE project (yes kids that’s linux). Matt linked to the first changeset in the WebKit repo, here’s the 4th changeset, with a pile of KHTML code.
There is no doubt that WebKit is the best open source rendering engine out there, and Apple did most of the work to make it that way. Here’s my nod to the KDE project for getting that all started, since neither Drance or Gruber gave any props.
I got an email this week from a well-intentioned colleague informing me that AES had been hacked and we should go find another encryption algorithm to use. I assumed he was talking about the Biclique Cryptanalysis of the Full AES by Microsoft Research, a recently published break in the AES algorithm. So what does a break really mean?
Cryptographers (those who practice the art and science of keeping messages secret) always assume that the attacker knows all the details of the encryption algorithm, like having the source code to the encryption software. They also assume the encryption keys are random. Given those assumptions, there are three basic ways for an attacker to get the cleartext of an encrypted message. The first way is to try all of the available encryption keys, knowing that one of them has to be the one that will expose the contents. This is called a brute force attack. The second approach requires exploiting some flaw in the encryption algorithm to eliminate large numbers of potential keys without actually having to try them. The third way would be to get the key or the cleartext via some other method, like stealing the disk from the server that contains the key. If you can’t keep your keys or cleartext safe then it doesn’t matter what encryption algorithm you use. Cryptographers consider an algorithm broken when there is a way to attack it that is faster that brute forcing all of the available keys.
On Jan 2, 1997, the National Institute of Standards and Technology (NIST) announced they were interested in choosing a successor to the Data Encryption Standard (DES). This newly selected algorithm would be known as the Advanced Encryption Standard (AES). Eight months later, after reviewing public input on how the new algorithm should be chosen, they solicited block ciphers supporting key lengths of 128, 192, and 256 bits. They received 15 submissions.
For the next three years, the new algorithms were investigated by cryptographers and performance tested in a variety of settings both software and hardware. In late 2000, Rijndael was announced as the winner, and a year later AES was approved as FIPS PUB 197. There are three authorized variants of Rijndael defined in AES that differ in the key length and the number of rounds: 10 rounds for 128 bit keys, 12 rounds for 192 bit keys, and 14 rounds for 256 bit keys.
In June 2003 the NSA announced that any official variant of AES was secure enough to protect classified information up to the SECRET level; TOP SECRET information requires the use of 192 or 256 bit keys.
So how long would it take to brute force attack a message encrypted with AES using a 128 bit key? It would of course depend on how fast of a device you were using. In June 2011 TOP500 updated their list of the fastest super computers in the world. The fastest one, the K Computer, can do 8,200,000,000,000,000 (8.2 quadrillion) calculations per second. According to the Wall Street Journal (article requires login, google it to get the whole thing without logging in), this device cost $1.25 billion to construct. Let’s borrow it for our attack.
During the NIST selection process, the various algorithms were benchmarked carefully for encryption speed. That paper doesn’t specifically address decryption speed, but it does have one relevant nugget: Rijndael, the eventual winner, takes 1400 clocks to set up a decryption key before you can even try and decrypt anything. For this example we’ll sprinkle pixie dust over the K Computer and speed it up by several orders of magnitude so it can setup a decryption key and decrypt the ciphertext using all 10 rounds of AES-128 in a single clock cycle (or calculation as they are called in the TOP500 list).
Using this now magical device, we could brute force a 56 bit key (the old DES standard used 56 bit keys) in 256 clock cycles, which would take 8 seconds.
Brute forcing a 128 bit key using this device would take 1,315,888,179,366,587 (1.3 quadrillion) years. That’s the same as 1,315,888 billion years. Current scientific models predict the universe to be 13 billion years old. The times required to brute force 192 and 256 bit keys are astronomically larger.
When talking about the cryptanalysis (the art of deciphering coded messages without the key) of AES, it’s important to remember the definition of AES. AES requires the Rijndael algorithm used with a block size of 128 bits and one of the following key lengths and number of rounds: 128 bit key for 10 rounds, 192 bit key for 12 rounds, or a 256 bit key for 14 rounds.
There have been several published breaks of the Rijndael algorithm, many of them require a reduced number of rounds from those specified in AES. In 2009, two significant breaks of AES-192 and AES-256 were published. These attacks exploit the weak key schedule of AES-192 and AES-256 that is not present in AES-128. The best of these breaks on AES-256 reduces the complexity of the attack from 2256 to 2119, a substantial decrease. Nevertheless, it is still not a practical attack. Our magical cracking device would still take 2.5 trillion years to recover an AES-256 key.
The new Biclique Cryptanalysis my co-worker was worried about describes a key recovery attack that works against all three variants of AES. It’s different than most of the other published attacks in several important ways. In many of the other breaks, the attacker requires the use of several different keys which have some sort of mathmatical relationship. These related-key attacks tend to be less practical to implement. Having said that, the Wired Equivalent Privacy (WEP) scheme used in WiFi networks failed because of a related-key attack. The algorithmic weakness was combined with a poor implementation that didn’t use a random key. The new attack is also unique because all three AES variants are affected, it is a different attack vector than the key schedule weakness in AES-192 and AES-256.
In the abstract of the new paper the authors state:
As our attacks are of high computational complexity, they do not threaten the practical use of AES in any way.
So what do they mean by “high computational complexity”. When applied to AES-128, they reduce the computational complexity from 2128 to 2126.1. Instead of taking 1.3 quadrillion years, our magical cracking supercomputer would only need 328 trillion years.
There are still no known practical attacks on AES, there is still plenty of safety margin on all three AES variants. Bruce Schneier, a widely recognized security expert, weighs in on the new attack:
And for new applications I suggest that people don’t use AES-256. AES-128 provides more than enough security margin for the forseeable future.
There is no need to have NIST call for new algorithms and choose a new standard and there is certainly no need for my colleague to switch from AES to Serpent. Even so, attacks always get better, they never get worse.
Maybe we can teach our magical supercomputer how to steal someone’s password.
I’ve made a new release of jactiveresource, a Java port of the ActiveResource module in Rails. Many classes have been refactored, enabling better test coverage. Creation of http client objects has been refactored as well, making it super easy to implement any authentication scheme out there. Thanks to Filepe Leme for his contributions in this release.
North Face of the Eiger
Source: Wikipedia Author: Terra3
The North Face of the Eiger. You’ve probably heard of this 3,970m (13,025 feet) mountain in the Swiss Alps. The gentler western flank was first climbed on August 11, 1858. The first attempt on the north face was made in 1934, but they turned back before reaching the summit. Two Germans got trapped in a snowstorm in 1935 and froze to death at a place now known as “Death Bivouac”. In 1936, four climbers set out but they got stuck in bad weather, and three of them were swept away by an avalanche. A rescue party of three seasoned guides set out to bring back Toni Kurz, the remaining climber. The guides got within shouting distance but Toni had to spend an extra night on the mountain and got frostbite on one entire hand and arm. The next day Kurz got stuck on the top side of an unclimbable overhang and slowly froze to death with the rescuers close enough to touch his crampons with their ice axes. The next year, despite being caught in an avalanche as they climbed “the Spider”, Anderl Heckmair, Ludwig Vörg, Heinrich Harrer and Fritz Kasparek hung on and reached the summit via the north face on July 24, 1938. It took them 3 days to get there, and they were forced to descend in a raging blizzard.
At least 64 people have died since 1935 climbing the Eiger. The perilous north face has a German nickname: Mordwand, which means “death wall”. In 1912 a railway line called the Jungfraubahn opened with most of it’s track running in tunnels through the Eiger and it’s neighboring mountain the Mönch, but that’s a story for another time (lots of people died building the railroad too). Most serious mountaineering is done in the summer months, when the temperatures are warmer and the threat of storms is somewhat less. The dangers of rockfall are so great on the Eiger that it’s safer to climb before the ice melts, because there are fewer falling rocks.
Ueli Steck climbed the North Face of the Eiger. Alone. In 2 hours 47 minutes 33 seconds.
He used the same route as Heckmair, sometimes called the Classic 1938 route, which because of the zigzagging back and forth requires 4,000 meters of climbing. Steck averaged nearly 24 meters per minute. After an adrenaline filled couple of hours, where a mistake means you fall 1,000 meters to your death, with lungs burning from the run/crawl to the summit, Ueli says (with typical Swiss understatement) “It was a good moment.”