{"id":32326,"date":"2017-06-27T17:41:07","date_gmt":"2017-06-27T21:41:07","guid":{"rendered":"http:\/\/www.opensource.im\/uncategorized\/aes-256-encryption-cracked-by-dutch-researchers-with-just-200-of-equipment-www-computing-co-uk.php"},"modified":"2017-06-27T17:41:07","modified_gmt":"2017-06-27T21:41:07","slug":"aes-256-encryption-cracked-by-dutch-researchers-with-just-200-of-equipment-www-computing-co-uk","status":"publish","type":"post","link":"https:\/\/euvolution.com\/open-source-convergence\/encryption\/aes-256-encryption-cracked-by-dutch-researchers-with-just-200-of-equipment-www-computing-co-uk.php","title":{"rendered":"AES-256 encryption cracked by Dutch researchers with just $200 of equipment &#8211; www.computing.co.uk"},"content":{"rendered":"<p><p>    Researchers in the Netherlands claim to have cracked AES-256    standard encryption using little more than $200 of    equipment.  <\/p>\n<p>    Security firm Fox-IT claims, together with another company    called Riscure, to have created a method for eavesdropping on    security enabled through proximity, in what is known as a side    channel attack.  <\/p>\n<p>    The researchers put together a piece of kit worth less than    $200 and were able to wirelessly extract AES-256 encryption    keys from a distance of one metre. They suggested that the    attack can be carried out by people on all budgets and with all    kinds of means.  <\/p>\n<p>    \"The recording hardware can range from extremely high-end radio    equipment, down to 20 USB SDRs. We have found that even the    cheap USB dongles can be used to attack software    implementations!\" they said. \"This is not a game    exclusively for nation states, but also anyone with pocket    money and some free time.\"  <\/p>\n<p>    Usually, such an attack would require direct access and    manipulation. But Fox-IT found that it was possible just to    swan past the target with a bag of SDR, amplifiers, filters,    and an antenna and to capture the required information    withoutthe target being aware of the attack.  <\/p>\n<p>    \"Using this approach only requires us to spend a few seconds    guessing the correct value for each byte in turn (256 options    per byte, for 32 bytes  so a total of 8,192 guesses),\" claimed    Fox-IT.  <\/p>\n<p>    \"In contrast, a direct brute-force attack on AES-256 would    require 2^256 guesses and would not complete before the end of    the universe.\"  <\/p>\n<p>    The next challenge is distance. Currently, Fox-IT has only    reached a distance of 30cm but claims that afull meter is    possiblein the right circumstances.  <\/p>\n<p>    \"Our work here has shown a proof of concept for TEMPEST attacks    against symmetric crypto such as AES-256.  <\/p>\n<p>    \"To the best of our knowledge, this is the first public    demonstration of such attacks. The low bandwidth requirements    have allowed us to perform the attack with surprisingly cheap    equipment (20 radio, modest amplifiers and filters) at    significant distances,\" it added.  <\/p>\n<p>    \"In practice, this setup is well suited to attacking network    encryption appliances. Many of these targets perform bulk    encryption (possibly with attacker controlled data) and the    ciphertext is often easily captured from elsewhere in the    network.\"  <\/p>\n<p><!-- Auto Generated --><\/p>\n<p>Read this article:<br \/>\n<a target=\"_blank\" href=\"https:\/\/www.computing.co.uk\/ctg\/news\/3012705\/aes-256-encryption-cracked-by-dutch-researchers-with-just-usd200-of-equipment\" title=\"AES-256 encryption cracked by Dutch researchers with just $200 of equipment - www.computing.co.uk\">AES-256 encryption cracked by Dutch researchers with just $200 of equipment - <a href=\"http:\/\/www.computing.co.uk\" rel=\"nofollow\">http:\/\/www.computing.co.uk<\/a><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Researchers in the Netherlands claim to have cracked AES-256 standard encryption using little more than $200 of equipment. Security firm Fox-IT claims, together with another company called Riscure, to have created a method for eavesdropping on security enabled through proximity, in what is known as a side channel attack. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45],"tags":[],"class_list":["post-32326","post","type-post","status-publish","format-standard","hentry","category-encryption"],"_links":{"self":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/32326"}],"collection":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/comments?post=32326"}],"version-history":[{"count":0,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/32326\/revisions"}],"wp:attachment":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/media?parent=32326"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/categories?post=32326"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/tags?post=32326"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}