Monday, April 03, 2006
More Extreme Tech...
It appears that our last post on the ExtremeTech site caused a bit of a stir. Below is a response to one user's skepticism regarding the inherent security issues with online storage:
"What you've identified regarding data security is somewhat accurate, no cryptographic system or encryption algorithm is entirely secure. The aim of protecting an asset, digital or otherwise, is to make the cost of successfully attacking it exceed the value of obtaining it.
That said, by constantly evaluating and upgrading our security policies and procedures, we're able to identify and prevent most motivated and sophisticated attacks. While we've thought a great deal about this issue, this isn't exactly the forum for our philosophy; anyone interested in reading it can do so here:
http://www.elephantdrive.com/help/faq.aspx#qSecurity
Lastly, regarding a "crack" of 128-bit Rijndeal (AES), I assume you are referring to the recent speculation by cryptologists Nicolas Courtois and Josef Pieprzyk of the algorithm's purported vulnerability to XSL algebraic attack techniques. Forgetting about the fact that most experts are skeptical of Courtois' math (which represents AES as an overdefined system of multivariate quadratic equations), its important to note that this is completely theoretical cryptanalysis, and that no one has been able to demonstrate breaking even a simplified version of Rijndael (AES), in a lab or anywhere else. It isn't even remotely practical. Perhaps in 10-15 years computing power might reach the point where this would be a cause for concern. If so, we'll have switched to something stronger. In fact, in anticipation, we've switched to 256-bit keys."
"What you've identified regarding data security is somewhat accurate, no cryptographic system or encryption algorithm is entirely secure. The aim of protecting an asset, digital or otherwise, is to make the cost of successfully attacking it exceed the value of obtaining it.
That said, by constantly evaluating and upgrading our security policies and procedures, we're able to identify and prevent most motivated and sophisticated attacks. While we've thought a great deal about this issue, this isn't exactly the forum for our philosophy; anyone interested in reading it can do so here:
http://www.elephantdrive.com/help/faq.aspx#qSecurity
Lastly, regarding a "crack" of 128-bit Rijndeal (AES), I assume you are referring to the recent speculation by cryptologists Nicolas Courtois and Josef Pieprzyk of the algorithm's purported vulnerability to XSL algebraic attack techniques. Forgetting about the fact that most experts are skeptical of Courtois' math (which represents AES as an overdefined system of multivariate quadratic equations), its important to note that this is completely theoretical cryptanalysis, and that no one has been able to demonstrate breaking even a simplified version of Rijndael (AES), in a lab or anywhere else. It isn't even remotely practical. Perhaps in 10-15 years computing power might reach the point where this would be a cause for concern. If so, we'll have switched to something stronger. In fact, in anticipation, we've switched to 256-bit keys."
