Possible hardware approach on finding vita's encryption key

[Xian Nox]

Advertising

That's what people thought about DES too. Yet around 30 years after it was standardized, breaking it became an issue.

[Davee]

Advertising

AFAIK AES is still algorithm of choice for protecting sensitive data due to the fact that no known vulnerability exists and it isn't broken yet.

AES proved vulnerable by Microsoft researchers

Complexity of AES256 is still 2^254.4

[JJS]

That's what people thought about DES too. Yet around 30 years after it was standardized, breaking it became an issue.

This should not be a concern when designing the security of a game system. Nobody cares if the encryption is theoretically broken in 30 years as the system will be totally obsolete by that time. So even if there was an attack on AES that would reduce the complexity tremendously, it shouldn't matter imho if the attack still takes years to perfom.

Also it is certainly beneficial to the overall security if an established, well-known algorithm is used instead of "the next big thing" which might either turn out to be less secure, or more likely be implemented poorly (due to lack of experience with the algorithm).

[Acid_Snake]

AES proved vulnerable by Microsoft researchers

So in practice the sun may have swallowed the earth by the time they have cracked the code? If that's "vulnerable," then I guess everything is.

I'm going to agree with that guy^

I stopped reading the moment I saw the word Microsoft next to the word researcher

[hoinzy]

I think its inappropriate to open another Thread on this so:
Regarding the Encryption, was someone else wondering, how fast a downloaded game from psn actually gets decrypted?
My installation of the Resistance: Burning Skies Demo (~3,5GB) took only seconds to install. So my conclusion would be...either the game gets decrypted while beeing downloaded,
or it is just a most likely weak but fast encryption. Either way, while downloading, i think there will be not much more than the decryption handled by the cpu (or is that a false assumption?).

[sss0]

The vulnerabilities normally found, are not because of a bad cipher, we all know AES is secure.
But rather, how they are implemented!
For example, in AES, you must provide a first key to encrypt the first block and only then the general key to always encode the rest.
If the "first key" is repeated in any encryption, the system can already be broken under a chosen plaintext attack. Now, if they forgot to use this "first key", the same applies. Or even if this "first key" is not truly random.

To summarize: AES is secure. AES incorrectly implemented is not.

[Davee]

You can reuse AES keys as there is no "known plaintext" attacks for it.
However, CTR mode for any cipher has the known plaintext attack, and the key cannot be repeated specifically, the nonce/IV.

[rog]

AES proved vulnerable by Microsoft researchers

So in practice the sun may have swallowed the earth by the time they have cracked the code? If that's "vulnerable," then I guess everything is.

I'm going to agree with that guy^

There may not be any practical way to break aes, but contrary to what was stated, there is indeed a known vulnerability.

[GonnaGetPSVita]

how about possibility with current PS3 DEX ?