In my last post, I discussed the number 2^128 and explained why it's not possible to brute-force 2^128 possible keys. Does this mean that we can use a 128-bit cipher like AES with confidence? Not quite. Brute-force against AES with 128-bit or larger keys is impossible with any non-quantum computer we will build for the foreseeable future, but that's only one avenue of attack. In practice, cryptosystems are broken in a variety of ways. Sometimes the algorithm is flawed. Other times the algorithm is sound but the implementation is bad.
This post attempts to explain, at a high level, some of the technical vulnerabilities that exist in real-world cryptosystems. I hope that it will help developers, IT and security people gain a basic understanding of the difficulties that exist and give them some ideas of what to look for in code reviews, testing, or product selection. I also hope to make clear why writing your own implementation is usually a bad idea. For more information, check out the book Cryptography Engineering and Matthew Green's blog. For a look at management/business failures, check out Ross Anderson's Why Cryptosystems Fail.