Encryption AES - is there really a backdoor

[Jason Cooper]

The reason isn't to take longer generating the hash at all. Nearly all hash and encryption algorithms have a number of rounds which, loosely, the more rounds the more messed up the information. But due to some quirks of Maths, if you do certain numbers of rounds they will be significantly less secure than if you added a couple more. The number of rounds that the algorithms do is normally set on the implementation.

Passwords should always be hashed as the first thing that happens, even before looking up a username to compare the hashes against. I never looked into what OSs do this or not, but it should be all and all other software should do it as well.

I suggest you read this paper before stating that reason for the number of rounds isn't to take longer, yes there are other reasons for using a larger number of rounds but the ability to extend the cost of calculating a hash as hardware advances without having to change the algorithm makes some hashing algorithm a better choice for hashing passwords than others.

I agree that passwords should always be hashed first then the list of users searched for a match (it is also a good idea to make sure that the searching of the list of users takes the same length of time or you could still face the same leak on large userlists)

[PC646]

Quote: The proof that AES has no government backdoor is the fact that they use it themselves

Actually that isnt true. AES 128 is ok for two levels of classified data. This is how you know its been cracked...

The United States has three levels of classification: confidential, secret, and top secret. Each level of classification indicates an increasing degree of sensitivity and type of encryption. The NSA doesn't use AES 128-bit for TOP SECRET for a reason, they know its been cracked or has a back door (probably made by them). If they trusted AES like the math shows, it shouldn't be able to be cracked with today or tomorrows computers.

Also lets look at who would have similar resources to crack it, Britain, Russia, China...

[DHT420]

Actually that isnt true. AES 128 is ok for two levels of classified data. This is how you know its been cracked...

The United States has three levels of classification: confidential, secret, and top secret. Each level of classification indicates an increasing degree of sensitivity and type of encryption. The NSA doesn't use AES 128-bit for TOP SECRET for a reason, they know its been cracked or has a back door (probably made by them). If they trusted AES like the math shows, it shouldn't be able to be cracked with today or tomorrows computers.

Also lets look at who would have similar resources to crack it, Britain, Russia, China...

The NSA uses AES-256 for Top Secret data because this data may need protecting for decades of time into the future. It has nothing to do with fears about current cryptanalysis, it's a safety measure that is part preparedness and part superstition. As far as NSA making "backdoors", you're either implying that all AES software distributed today has a U.S. government agency-regulated exploit, or that the Rijndael algorithm itself is a giant mathematical mousetrap made in collusion with the NSA. I can assure you, both of these are highly unlikely.

Most, if not all, cryptographers attest to AES's security, despite their personal misgivings about it. Bruce Schneier himself believes in the security of AES, even if he prefers Twofish and Blowfish.

I don't think we have anything to worry about. If AES was crackable, the NSA would not be using it at ALL.

[PC646]

The NSA uses AES-256 for Top Secret data because this data may need protecting for decades of time into the future. It has nothing to do with fears about current cryptanalysis, it's a safety measure that is part preparedness and part superstition. As far as NSA making "backdoors", you're either implying that all AES software distributed today has a U.S. government agency-regulated exploit, or that the Rijndael algorithm itself is a giant mathematical mousetrap made in collusion with the NSA. I can assure you, both of these are highly unlikely.

Most, if not all, cryptographers attest to AES's security, despite their personal misgivings about it. Bruce Schneier himself believes in the security of AES, even if he prefers Twofish and Blowfish.

I don't think we have anything to worry about. If AES was crackable, the NSA would not be using it at ALL.

Your logic is wrong... A) Decades old information would be worthless or reencrpyted and B) even with where computers will be someday the math for 128 bit still is millions of years of cracking... So why be so paranoid of something that truly is next to impossible to crack in any of our lifetimes? Backdoor, supermachine, super rainbow tables, something has them spooked. I vote for UFOs.

[DHT420]

Your logic is wrong... A) Decades old information would be worthless or reencrpyted and B) even with where computers will be someday the math for 128 bit still is millions of years of cracking... So why be so paranoid of something that truly is next to impossible to crack in any of our lifetimes? Backdoor, supermachine, super rainbow tables, something has them spooked. I vote for UFOs.

"Decades old information would be worthless"

I find that hard to believe. The data maintained by the NSA isn't of evanescent relevance, it remains quite valuable and important. So, why wouldn't they just re-encrypt it? They probably would. But they want the strongest assurance possible.

"So why be paranoid"

Because that is what they're paid to do. If they are given the choice between 128-bit and 256-bit, and told that 256-bit is stronger, they will go with the stronger solution. In their mind, it is their job to have the utmost highest level of security. I never said it was rational/logical, it is just how the NSA thinks. Just look at the consumer encryption market. Most people want XXX SUPER-ENCRYPTION STANDARD 99999-BITS encryption for their dog photos. It has nothing to do with logical predictions about the security of the algorithm. It's human nature.