views:

876

answers:

7

Imagine I have this:

$cdata = AES_256($data, $pass);

AES_256 algorithm is: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

If I know the content of $cdata and the content of $data and also have the AES256() code, can I reverse engineer and find $pass?

+1  A: 

You could brute force it, but it would take a long time. As in decades or even longer. That's the point of encryption algorithms like AES.

Unknown
The duration you are looking for is not "decades". It's more like "heat death of the universe".
joeforker
@joeforker and in 20-30 years I'm sure we'll be laughing about how trivial it is to break AES 256 and current encryption uses megabyte keys to keep up with computers.
Chris Marisic
A: 

Of course not - the only approach is brute force. Do you really think NIST is so stupid as to choose a cipher that is so easily cracked for a new standard?

Francis
NIST isn't perfect.
e5
+6  A: 

Simple answer... NO.

This has been tested, and mentioned in the Wiki link.

A related-key attack can break up to 9 rounds of 256-bit AES. A chosen-plaintext attack can break 8 rounds of 192- and 256-bit AES, and 7 rounds of 128-bit AES, although the workload is impractical at 2^128 - 2^119.

Or put it another way... you have a better chance of being struck by lighting...on the same day you win the Lottery, than breaking it!!

kevchadders
"break up to 9 rounds of 256-bit AES"What is a "round" in this definition?
acemtp
+5  A: 

This is called a known-plaintext attack. A good cipher like AES should be immune to it, as the others explained.

starblue
+1  A: 

Another quote, from Wikipedia:

AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. A device that could check a billion billion (10^18) AES keys per second would require about 3 x 10^51 years to exhaust the 256-bit key space.

Brute forcing when you know the original text might be faster but still, 3 x 10^51 years is a long time. Plus there's the problem of probably not having a device that can check a billion billion (10^18) keys/second.

In short: everything is possible, but this is not feasible in the world we are now living in.

Cloud
+2  A: 

If $pass is actually a password and not a 256-bit key, you may be in luck.

While it is far from trivial to perform, a brute-force attack against a normal password is much faster than brute-forcing a 256-bit key.

So modify one of the many password-brute-forcing tools, and you have a attack that (depending on the strength of the password) might take weeks to several years - but that is fast compared to 3x10^51 years...

Rasmus Faber
+1  A: 

AES, like all good crypto algorithms, doesn't rely on security through obscurity.

In other words, there are no "secrets" in the code, so you having the code won't help you particularly.

Known plaintext is a separate issue, which I don't know much about so I'll leave that up to the other answerers.

Blorgbeard