Geek Answers Handbook

When using AES, is there a way to determine if data has been encrypted using 128 or 256-bit keys?

I was wondering if there is a way to tell if the data was encrypted with a specific key size, without source code. Are there any noticeable differences from the data that you can verify after encryption?

+4
source share
2 answers

There is no way to do this. Both encrypt 16-byte chunks of data and the resulting blocks will look the same after the encryption is complete (they will have different values, but analysis of only the encrypted data will not be able to determine the size of the source key). If the source data (plain text) is available, it may be possible to carry out some kind of analysis.

Very simplified "proof":

  • For this input, the output length is the same regardless of the size of the key. However, it may vary depending on the mode (CBC, CTR, etc.).
  • Since encryption is reversible, it can be considered a one-to-one function. In other words, another input leads to a different result.
  • Therefore, you can produce any given output (by changing the plain text) regardless of the size of the key.

Thus, for a given password, you can get the same result using the corresponding plain text regardless of the size of the key. This "proof" has a hole in the fact that the filling circuits can lead to a larger output than the input (therefore, the function is not necessarily onto .) But I doubt that this will affect the final result.

+4
source

If the encryption system is good (AES), then there should be no way to distinguish its original output from random data - therefore, in particular, there should be no way to distinguish between AES-128 and AES-256, at least on the output bits.

However, most protocols that use encryption ultimately include some metadata that, without ambiguity, indicates the type of algorithm used, including the key size. This means that the recipient knows what to use for decryption. This is not considered a problem. Thus, in practice, everyone should assume that any attacker is looking at your system, knows whether the key is really a 128-bit or 256-bit key.

Some side channels may also provide this information. AES encryption with a 256-bit key is 40% slower than AES encryption with a 128-bit key: just specify how long the encryption server takes to respond, it can determine the key size.

+2
source

More articles:


All Articles