MIT News: Encryption Is Less Secure Than We Thought

The problem, Médard explains, is that information-theoretic analyses of secure systems have generally used the wrong notion of entropy. They relied on so-called Shannon entropy, named after the founder of information theory, Claude Shannon, who taught at MIT from 1956 to 1978.

Shannon entropy is based on the average probability that a given string of bits will occur in a particular type of digital file. In a general-purpose communications system, that’s the right type of entropy to use, because the characteristics of the data traffic will quickly converge to the statistical averages. Although Shannon’s seminal 1948 paper dealt with cryptography, it was primarily concerned with communication, and it used the same measure of entropy in both discussions.

But in cryptography, the real concern isn’t with the average case but with the worst case. A codebreaker needs only one reliable correlation between the encrypted and unencrypted versions of a file in order to begin to deduce further correlations. In the years since Shannon’s paper, information theorists have developed other notions of entropy, some of which give greater weight to improbable outcomes. Those, it turns out, offer a more accurate picture of the problem of codebreaking.

When Médard, Duffy and their students used these alternate measures of entropy, they found that slight deviations from perfect uniformity in source files, which seemed trivial in the light of Shannon entropy, suddenly loomed much larger. The upshot is that a computer turned loose to simply guess correlations between the encrypted and unencrypted versions of a file would make headway much faster than previously expected.

“It’s still exponentially hard, but it’s exponentially easier than we thought,” Duffy says. One implication is that an attacker who simply relied on the frequencies with which letters occur in English words could probably guess a user-selected password much more quickly than was previously thought. “Attackers often use graphics processors to distribute the problem,” Duffy says. “You’d be surprised at how quickly you can guess stuff.”

More: Encryption Is Less Secure Than We Thought - MIT News Office

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2016-01-01 10:29 am PST
LGF User's Guide RSS Feeds Tweet

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal
Square Cash Shop at amazon
as an LGF Associate!
Recent PagesClick to refresh
Who Is, or Was, the Greatest Martial Artist in History?I only got to the rank of 2nd degree black belt in Chinese & American Kenpo, so I am certainly no expert. I earned all my higher belts at American Karate Studios in Northeastern Ohio, and was a competitor on ...
Samuel Vargo
5 days, 15 hours ago
Views: 333 • Comments: 4 • Rating: 2
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
The Way We Regulate Self-Driving Cars Is Broken—here’s How to Fix It The key issue is this: the current system is built around an assumption that cars will be purchased and owned by customers. But the pioneers of the driverless world—including Waymo, Cruise, and Uber—are not planning to sell cars to ...
Thanos
5 days, 18 hours ago
Views: 322 • Comments: 0 • Rating: 1
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Android’s Trust Problem Isn’t Getting Better Android security is largely failing due to a smorgasbord of issues and lies. Published today, a two-year study of Android security updates has revealed a distressing gap between the software patches Android companies claim to have on their devices ...
Thanos
1 week ago
Views: 580 • Comments: 3 • Rating: 2
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Tour of the Moon in 4K Take a virtual tour of the Moon in all-new 4K resolution, thanks to data provided by NASA's Lunar Reconnaissance Orbiter spacecraft. As the visualization moves around the near side, far side, north and south poles, we highlight interesting features, ...
Thanos
1 week ago
Views: 547 • Comments: 0 • Rating: 2
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Vermont Governor Signs Sweeping Gun Control Measures Vermont Gov. Phil Scott on Wednesday signed sweeping gun control measures -- including limits on the size of magazines -- that the Legislature passed last month after contentious debate. The measures:-- Raise the minimum age for gun buyers to ...
Thanos
1 week, 1 day ago
Views: 638 • Comments: 1 • Rating: 1
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Roseanne Barr Is Tweeting About QAnon, a New Pizzagate-Style Conspiracy Theory Barr's been full metal Trump-loving wingnut in a social liberal suit for a long long time. This is why I would never watch her show, and why I won't be spending money with advertisers on her show once someone ...
Thanos
2 weeks, 5 days ago
Views: 1,929 • Comments: 0 • Rating: 2
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0