Difference between revisions of "Advanced Encryption Standard"

No edit summary
Line 151:
Az első olyan támadások amelyek megszerzik a titkosító kulcsot, Andrey Bogdanov, Dmitry Khovratovich, és Christian Rechbergertől származnak és 2011-ben jelentek meg.<ref>{{cite web |url=http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf |title=Biclique Cryptanalysis of the Full AES |author=Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger |year=2011}}</ref>
 
== NIST/CSEC validationellenőrzés ==
TheA [[CMVP|Cryptographic Module Validation Program]] (CMVP) isaz operated[[Amerikai jointlyEgyesült by the United StatesÁllamok]] Government's [[National Institute of Standards and Technology]] (NIST) nevű szervezetének Computer Security Divisionrészlegének andés theKanada [[Communications Security Establishment]] (CSE) of the Government ofszervezetének Canadaprogramja. TheA usetitkosítást ofamit cryptographicaz modulesUSA validatedrendelt tomeg, NISTa [[FIPSszabályok 140-2]]szerint isolyan requiredadatok bytikosítására thehasználhatja Unitedaz StatesEgyesült GovernmentÁllamok foramik encryptiontitkosítási ofbesorolása allérzéken(Sensitive) datade that has a classification of Sensitive butnem titkos(Unclassified (SBU)) orvagy aboveszigorúbb. FromA NSTISSP #11, National Policy Governing the Acquisition of Information Assurancealapján: "EncryptionAz productsolyan fortitkosítások protectingamiket classifieda informationtitkos willminősítésiű beadatok certifiedvédelmére byhasználnak az NSA,-nak andkell encryptionellenőriznie productsés intendedaz forilyen protectingtitkosítás sensitivemegkapja information will be certified in accordance witha NIST FIPS 140-2 szerinti minősétést." <ref name="cnss.gov">http://www.cnss.gov/Assets/pdf/nstissp_11_fs.pdf</ref>
 
A kanadai kormány szintén azt javasolja, hogy a titkosítást a kormánylétesítmények ne használják titkos adatok védelmére.
The Government of Canada also recommends the use of [[FIPS 140]] validated cryptographic modules in unclassified applications of its departments.
 
A Cryptographic Algorithm Validation Program (CAVP)<ref>{{cite web|url=http://csrc.nist.gov/groups/STM/cavp/index.html |title=NIST.gov - Computer Security Division - Computer Security Resource Center |publisher=Csrc.nist.gov |date= |accessdate=2012-12-23}}</ref> lehetővé teszi hogy egy adott implementációt a NIST ellenőrizzen, viszont ennek a költsége nagy. Egy ilyen ellenőrzés azt eredményezi hogy az adott implementáció felkerült a NIST által ellenőrzőtt módszerek listájára. Ugyanakkor ez az ellenőrzés nem elégséges sem NSA ellenőrzés, sem a FIPS 140-2 minősítés pótlására tehát az USA kormánya nem használhatja ezeket titkos adatok védelmére.<ref name="cnss.gov" />
Although NIST publication 197 ("FIPS 197") is the unique document that covers the AES algorithm, vendors typically approach the CMVP under FIPS 140 and ask to have several algorithms (such as [[Triple DES|Triple&nbsp;DES]] or [[SHA1]]) validated at the same time. Therefore, it is rare to find cryptographic modules that are uniquely FIPS 197 validated and NIST itself does not generally take the time to list FIPS 197 validated modules separately on its public web site. Instead, FIPS 197 validation is typically just listed as an "FIPS approved: AES" notation (with a specific FIPS 197 certificate number) in the current list of FIPS 140 validated cryptographic modules.
 
FIPS 140-2 minősítés kihívást jelent mind technikailag mind fizikailag.<ref name="openssl">{{cite web|author=OpenSSL, openssl@openssl.org |url=http://openssl.org/docs/fips/fipsnotes.html |title=OpenSSL's Notes about FIPS certification |publisher=Openssl.org |date= |accessdate=2012-12-23}}</ref> Egy ilyen teszt jól meghatározott részekből áll mint pl.: a forráskód megvizsgálása. Az eljárás költsége magas lehet (több mint $30,000 US)<ref name="openssl" />
The Cryptographic Algorithm Validation Program (CAVP)<ref>{{cite web|url=http://csrc.nist.gov/groups/STM/cavp/index.html |title=NIST.gov - Computer Security Division - Computer Security Resource Center |publisher=Csrc.nist.gov |date= |accessdate=2012-12-23}}</ref> allows for independent validation of the correct implementation of the AES algorithm at a reasonable cost{{Citation needed|date=December 2010}}. Successful validation results in being listed on the NIST validations page. This testing is a pre-requisite for the FIPS 140-2 module validation described below. However, successful CAVP validation in no way implies that the cryptographic module implementing the algorithm is secure. Lacking FIPS 140-2 validation or specific approval by the NSA, a cryptographic module is not deemed secure by the US Government and cannot be used to protect government data.<ref name="cnss.gov"/>
 
== Teljesítmény ==
FIPS 140-2 validation is challenging to achieve both technically and fiscally.<ref name="openssl">{{cite web|author=OpenSSL, openssl@openssl.org |url=http://openssl.org/docs/fips/fipsnotes.html |title=OpenSSL's Notes about FIPS certification |publisher=Openssl.org |date= |accessdate=2012-12-23}}</ref> There is a standardized battery of tests as well as an element of source code review that must be passed over a period of a few weeks. The cost to perform these tests through an approved laboratory can be significant (e.g., well over $30,000 US)<ref name="openssl" /> and does not include the time it takes to write, test, document and prepare a module for validation. After validation, modules must be re-submitted and re-evaluated if they are changed in any way. This can vary from simple paperwork updates if the security functionality did not change to a more substantial set of re-testing if the security functionality was impacted by the change.
A gyorsaság és alacsony memóriaigény követelmény volt az AES kiválasztási eljárásban. Így az AES jól használható szinte minden hardwaren 8-bites smart kártyákon át nagyteljesítményű számítógépekig.
 
== Test vectors ==
Test vectors are a set of known ciphers for a given input and key. [[NIST]] distributes the reference of AES test vectors as [http://csrc.nist.gov/groups/STM/cavp/documents/aes/KAT_AES.zip AES Known Answer Test (KAT) Vectors (in ZIP format)].
 
== Performance ==
High speed and low RAM requirements were criteria of the AES selection process. Thus AES performs well on a wide variety of hardware, from 8-bit [[smart card]]s to high-performance computers.
 
On a [[Pentium Pro]], AES encryption requires 18 clock cycles / byte,<ref>
{{cite web
| title = Performance Comparisons of the AES submissions
| date = 1999-02-01
| url = http://www.schneier.com/paper-aes-performance.pdf
| format = PDF
| accessdate = 2010-12-28 }}
</ref> equivalent to a throughput of about 11 MiB/s for a 200&nbsp;MHz processor. On a [[Pentium M]] 1.7&nbsp;GHz throughput is about 60 MiB/s.
 
On Intel i3/i5/i7 CPUs supporting [[AES instruction set|AES-NI instruction set]] extensions, throughput can be over 700MiB/s per thread.{{Citation needed|date=July 2012}}
 
== Lásd még ==
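Review bot: the Hungarian text that replaces the English paragraphs in the NIST/CSEC validation section changes what several sentences say rather than translating them, and each should be brought back in line with the wording it replaces. The Canada sentence now says government facilities should not use the encryption to protect classified data ("ne használják titkos adatok védelmére"), while the English it replaces recommends FIPS 140 validated modules in unclassified applications. The CAVP paragraph turns "at a reasonable cost" into "ennek a költsége nagy" (the cost is high) and drops both the statement that CAVP testing is a prerequisite for FIPS 140-2 module validation and the warning that CAVP validation in no way implies the module is secure. In the FIPS 140-2 paragraph "fiscally" is rendered as "fizikailag" (physically); "pénzügyileg" matches the source. The "Test vectors" section, including the NIST KAT link, is removed with no Hungarian replacement and the edit carries no summary, so either translate that section or give the reason for dropping it.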
Line 189 ⟶ Line 173:
* Joan Daemen, Vincent Rijmen, "The Design of Rijndael: AES – The Advanced Encryption Standard." Springer, 2002. ISBN 3-540-42580-2.
* Christof Paar, Jan Pelzl, [http://wiki.crypto.rub.de/Buch/sample_chapters.php "The Advanced Encryption Standard"], Chapter 4 of "Understanding Cryptography, A Textbook for Students and Practitioners". (companion web site contains online lectures on AES), Springer, 2009.
 
== Külső linkek ==
* [http://embeddedsw.net/Cipher_Reference_Home.html 256bit Ciphers - AES Reference implementation and derived code]
* [http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS PUB 197: the official AES standard] ([[Portable Document Format|PDF]] file)
* [http://csrc.nist.gov/archive/aes/rijndael/wsdindex.html AES algorithm archive information – (old, unmaintained)]
* [http://webstore.iec.ch/preview/info_isoiec18033-3%7Bed2.0%7Den.pdf Preview of ISO/IEC 18033-3]
* [http://www.formaestudio.com/rijndaelinspector/archivos/Rijndael_Animation_v4_eng.swf Animation of Rijndael]
* [http://www.theinquirer.net/inquirer/news/2102435/aes-encryption-cracked/ AES encryption is cracked]
{{Cryptography navbox | block}}