docrice
join:2008-03-31
Fremont, CA
| reply to Matt26
Re: breaking 256 bit AES encryption
In addition to "AES," you might want to look up "CCMP" as well.
The use of encryption in securing data isn't for creating an expectation of absolute security. In another lifetime far away, WEP may have been enough of a security measure. Times have changed, of course, and very quickly. It's all about understanding the risk level in regards to your information, how much it costs to secure it, and what's a reasonable level of security.
If your data only needs to be secure for 100 years but it's well-known that the encryption could be defeated in 10, assuming the attacker had x amount of computing resources at her disposal and y amount of time to try out all possible keys, would that be acceptable? For most people probably not. But flip it a bit and say that it couldn't be done under a million years, then it's probably "good enough."
New attack methods are eventually discovered, bugs exist within implementations, etc.. For right now, WPA2 using AES-CCMP is good enough, but if you're using pre-shared key it all assumes that you chose a relatively strong passphrase to build your Pairwise Master Key upon. Anything can be brute-forced given enough resources. It's just a matter of making it difficult enough to deter the attacker to go somewhere else. |
