Learn, hack!

URL

https://media.blackhat.com/bh-ad-11/Aumasson/bh-ad-11-Aumasson-CryptanalysisVSReality_Slides.pdf

File name

bh-ad-11-Aumasson-CryptanalysisVSReality_Slides.pdf

File size

4.6 MB

MD5

c465792bf14c39f28d4f3b25be459e8d

SHA1

109904bcc62fba9726d1943212bef66088b95057

It is commonplace to argue that academic cryptanalysis---whose "attacks" literally take billions of years to complete---has no relevance whatsoever to actual security, for real-world failures of crypto are most often due to: Side-channel leakage (padding oracle attacks, etc.) Attacks on the implementation (key extraction through fault attacks, etc.) Complete bypass (after theft of keys à la DigiNotar, etc.) Nevertheless, a number of new cryptanalytic attacks have appeared these last years with various degrees of sophistication and of objectives, from complex key-recovery attacks to efficient-yet-cryptical "distinguishingers". To better understand the risk (or absence thereof), this talk will go through technical subtleties of state-of-the-art cryptanalysis research, which we'll illustrate with concrete field examples. The topics discussed include related-key attacks, cube attacks, the real security of AES, the case of pay-TV encryption, or the risk of using SHA-1, SHA-2, or the future SHA-3. Finally, we will present a recent attempt to bridge theory and practice, with an introduction to leakage-resilient cryptography.