Professional Web Applications Themes

AES-128 good enough for medical data? - Mac Applications & Software

Just wondering: Panther (Mac OSX next release) will offer the option of encrypting home directories with AES-128. Is this deemed good enough for medical data in the US? TIA Marc -- Marc Heusser - Zurich, Switzerland Coaching - Consulting - Counselling - Psychotherapy http://www.heusser.com remove the obvious CHEERS and MERCIAL... from the reply address to reply via e-mail...

  1. #1

    Default AES-128 good enough for medical data?

    Just wondering:
    Panther (Mac OSX next release) will offer the option of encrypting home
    directories with AES-128.
    Is this deemed good enough for medical data in the US?

    TIA

    Marc

    --
    Marc Heusser - Zurich, Switzerland
    Coaching - Consulting - Counselling - Psychotherapy
    http://www.heusser.com
    remove the obvious CHEERS and MERCIAL... from the reply address
    to reply via e-mail
    Marc Guest

  2. #2

    Default Re: AES-128 good enough for medical data?

    In article <bluewin.ch>,
    Marc Heusser <comMERCIALSPAMMERS.invalid>
    wrote:
     

    It certainly *should* be, since it's more than up to the task. Whether
    it actually _is_ officially approved for medical data is another
    question. One you really need to direct to some kind of official
    source, not to the whims of Usenet.

    --
    Tom "Tom" Harrington
    Macaroni, Automated System Maintenance for Mac OS X.
    Version 1.4: Best cleanup yet, gets files other tools miss.
    See http://www.atomicbird.com/
    Tom Guest

  3. #3

    Default Re: AES-128 good enough for medical data?

    "Marc Heusser" 

    Yes.
    (But don't assume that a system is secure just because it uses
    AES-128. Systems often have security flaws that do not
    involve breaking the block cipher.)


    Roger Guest

  4. #4

    Default Re: AES-128 good enough for medical data?

    "Marc Heusser" <comMERCIALSPAMMERS.invalid> wrote
    in message news:bluewin.ch... 

    AES-128 itself is the last of your worries. No world record attempts will
    be made for the next 100 years or more until computers are powerful enough.
    After all, DES 56 bit wasn't broken until 1997. Every bit you increase
    doubles the CPU requirements. That means you would need 72 doublings in CPU
    speed before you can even make a massive world record attempt at AES-128.
    Since Moore's law specifies a doubling every 1.5 years, that leaves 108
    years after 1997.

    See this article.
    http://www.rsasecurity.com/rsalabs/bulletins/bulletin13.html

    The vendor's implementation and the user's deployment of the encryption
    technology is many orders of magnitude worse of a problem. The problem is,
    how to you protect the 128-bit key? Are you protecting it with your
    mother's maiden name? Your pet dog's birthday? A smart card? That is what
    you need to be thinking about. Not the theoretical strength of AES-128.


    George Ou


    George Guest

  5. #5

    Default Re: AES-128 good enough for medical data?

    In article <tph-6FAAE3.14470410092003localhost>,
    Tom Harrington <no.spam.dammit.net> wrote:
     
    >
    > It certainly *should* be, since it's more than up to the task. Whether
    > it actually _is_ officially approved for medical data is another
    > question. One you really need to direct to some kind of official
    > source, not to the whims of Usenet.[/ref]

    That answer is good enogh - as I live in Switzerland and we do not have
    official standards in this area.
    As US is generally rather paranoid in this respect, it should be good
    enough over here.
    I just wanted to know from a cryptographic point of view.

    (And yes, as an MSEE with a major in digital information theory I am
    aware of the technicalities involved that weaken a cryptographic system.)

    Thanks

    Marc

    --
    Marc Heusser - Zurich, Switzerland
    Coaching - Consulting - Counselling - Psychotherapy
    http://www.heusser.com
    remove the obvious CHEERS and MERCIAL... from the reply address
    to reply via e-mail
    Marc Guest

  6. #6

    Default Re: AES-128 good enough for medical data?

    "George Ou" <com2897> wrote in
    news:eiM7b.811$news.prodigy.com:
     

    Ah, but DES wasn't actually broken, at least not in the "academic" sense.
    The attack, a successful one, was a brute-force search of the key space.

    I think you're referring to the "distributed.net" attack. Since that time,
    there have been other faster searches of the key space. Moreover, even
    shortly after DES was proposed as the standard, many cryptologists were
    worried about DES's short key space.

    J

    --
    __________________________________________
    When will Bush come to his senses?
    Joe Peschel
    D.O.E. SysWorks
    http://members.aol.com/jpeschel/index.htm
    __________________________________________
    Joe Guest

  7. #7

    Default Re: AES-128 good enough for medical data?

    "Joe Peschel" <spam.org> wrote in message
    news:168.3.44... 
    >
    > Ah, but DES wasn't actually broken, at least not in the "academic" sense.
    > The attack, a successful one, was a brute-force search of the key space.
    >
    > I think you're referring to the "distributed.net" attack. Since that time,
    > there have been other faster searches of the key space. Moreover, even
    > shortly after DES was proposed as the standard, many cryptologists were
    > worried about DES's short key space.[/ref]

    Yes, thanks for distinguishing. That is what I meant.. I didn't elaborate
    that it was a brute force attack using a distributed exhaustive key search.
    That said however, AES (the Rijndael algorithm) is probably one of the most
    advanced symmetric encryption algorithms to date. For that matter, all of
    the other AES finalists MARS, RC6, Serpent, and Twofish were damn good.


    George Guest

  8. #8

    Default Re: AES-128 good enough for medical data?

    In article <bluewin.ch>,
    Marc Heusser <comMERCIALSPAMMERS.invalid> wrote: 

    I hate to say it, but most medical data is stored unencrypted. I
    think you'll find that the required safeguards are largely procedural
    rather than technological.
    --
    Matthew T. Russotto net
    "Extremism in defense of liberty is no vice, and moderation in pursuit
    of justice is no virtue." But extreme restriction of liberty in pursuit of
    a modi of security is a very expensive vice.
    Matthew Guest

  9. #9

    Default Re: AES-128 good enough for medical data?

    In article <168.3.44>,
    Joe Peschel <spam.org> wrote: 
    >
    >Ah, but DES wasn't actually broken, at least not in the "academic" sense.
    >The attack, a successful one, was a brute-force search of the key space.[/ref]

    Nope, there were several academic breaks as well. However, they are
    "chosen plaintext" attacks, and require an unlikely number of
    plaintext-ciphertext pairs for most applications.
    --
    Matthew T. Russotto net
    "Extremism in defense of liberty is no vice, and moderation in pursuit
    of justice is no virtue." But extreme restriction of liberty in pursuit of
    a modi of security is a very expensive vice.
    Matthew Guest

  10. #10

    Default Re: AES-128 good enough for medical data?

    speakeasy.net (Matthew Russotto) wrote in
    news:net:
     
    >>
    >>Ah, but DES wasn't actually broken, at least not in the "academic"
    >>sense. The attack, a successful one, was a brute-force search of the
    >>key space.[/ref]
    >
    > Nope, there were several academic breaks as well. However, they are
    > "chosen plaintext" attacks, and require an unlikely number of
    > plaintext-ciphertext pairs for most applications.[/ref]

    Nope? Matt, what George and I were talking about was the distributed
    exhaustive key search in 1997. This was not a "academic" break.

    I don't think we can consider the attacks of Biham, and, later, Matsui
    breaks in that the attacks, with their attendant workload, aren't
    significantly faster than brute-force.

    J

    --
    __________________________________________
    When will Bush come to his senses?
    Joe Peschel
    D.O.E. SysWorks
    http://members.aol.com/jpeschel/index.htm
    __________________________________________
    Joe Guest

  11. #11

    Default Re: AES-128 good enough for medical data?

    In article <net>,
    speakeasy.net (Matthew Russotto) wrote:
     
    >
    > I hate to say it, but most medical data is stored unencrypted. I
    > think you'll find that the required safeguards are largely procedural
    > rather than technological.[/ref]

    Yes, I know - a Swiss hospital just had to learn that its safeguards are
    so bad that an officer from the Federal enforcement agency for data
    protection could get into the network (wireless of course) from outside
    the building, and get to the most sensitive data of patients, and even
    got to programming access at live saving machines in the intensive care
    station - it could have cost real lives if a malicious war driver had
    done it.

    Now that does not mean everyone needs to follow the same lousy
    procedures and safeguards :-)

    Marc

    --
    Marc Heusser - Zurich, Switzerland
    Coaching - Consulting - Counselling - Psychotherapy
    http://www.heusser.com
    remove the obvious CHEERS and MERCIAL... from the reply address
    to reply via e-mail
    Marc Guest

  12. #12

    Default Re: AES-128 good enough for medical data?

    Joe Peschel <spam.org> writes:
     

    note brute force attacks against specific keys are not against the
    algorithm; although once it becomes extremely trivial to attack all
    keys ... then presumably the algorithm infrastructure is at much more
    risk. In general, security & risk management view security/protection
    proportional to risk. If you are using a DES key to protect $500 thing
    and it still takes $50,000 to attack a specific key ... you might
    still consider yourself protected.

    However, if you were using a DES key to protect a whole infrastructure
    .... then an attack on that DES key can create a systemic risk that
    puts the whole infrastructure at risk ... which possibly could
    represent much more at risk than the cost of an attack.

    minor reference to security proportional to risk:
    http://www.garlic.com/~lynn/2001h.html#61

    --
    Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
    Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
    Anne Guest

  13. #13

    Default Re: AES-128 good enough for medical data?

    Joe Peschel wrote:
     
    >>
    >>Nope, there were several academic breaks as well. However, they are
    >>"chosen plaintext" attacks, and require an unlikely number of
    >>plaintext-ciphertext pairs for most applications.[/ref]
    >
    > Nope? Matt, what George and I were talking about was the distributed
    > exhaustive key search in 1997. This was not a "academic" break.
    >
    > I don't think we can consider the attacks of Biham, and, later, Matsui
    > breaks in that the attacks, with their attendant workload, aren't
    > significantly faster than brute-force.[/ref]

    But you can't have it both ways, saying it wasn't broken in the
    academic sense and then saying the academic attacks don't count
    because of impractical assumptions or high workload.

    The first demonstrated break of DES was 'in the "academic"
    sense' by Matsui's linear cryptysis; the attack had a much
    smaller workload than brute-force search. Later it was broken
    in the practical sense by distributed net attacks and the EFF's
    machine. What's worse, it fell while data it was approved to
    protect was still sensitive.


    --
    --Bryan
    firstname dot lastname at domain of the Association for Computing Machinery

    Bryan Guest

  14. #14

    Default Re: AES-128 good enough for medical data?

    Bryan Olson <org> wrote in
    news:Utb8b.1152$news.prodigy.com:
     
    > >
    > > Nope? Matt, what George and I were talking about was the distributed
    > > exhaustive key search in 1997. This was not a "academic" break.
    > >
    > > I don't think we can consider the attacks of Biham, and, later, Matsui
    > > breaks in that the attacks, with their attendant workload, aren't
    > > significantly faster than brute-force.[/ref]
    >
    > But you can't have it both ways, saying it wasn't broken in the
    > academic sense and then saying the academic attacks don't count
    > because of impractical assumptions or high workload.
    >
    > The first demonstrated break of DES was 'in the "academic"
    > sense' by Matsui's linear cryptysis; the attack had a much
    > smaller workload than brute-force search. Later it was broken
    > in the practical sense by distributed net attacks and the EFF's
    > machine. What's worse, it fell while data it was approved to
    > protect was still sensitive.
    >
    >[/ref]

    Did it seem like I was trying to have it both ways? I didn't intend that.
    I think it's a mistake to say that DES is broken when we really mean it's
    broken because of its short and searchable key space. Saying that it is
    broken, without mentioning the searchable key space business, might lead
    people to believe that there is some weakness, other than the short key,
    with the cipher itself. That might cause people to shun Triple-DES.

    As I recall, Schneier defined an academic break, as a successful attack
    that is significantly faster than brute-force. Neither Biham's or Matsui's
    attack seem, to me any way, significantly faster than brute-force. I'm not
    really sure how much faster "significantly faster" is. Is there a rule-of
    thumb?

    J
    --
    __________________________________________
    When will Bush come to his senses?
    Joe Peschel
    D.O.E. SysWorks
    http://members.aol.com/jpeschel/index.htm
    __________________________________________
    Joe Guest

  15. #15

    Default Re: AES-128 good enough for medical data?

    In article <168.3.44>,
    Joe Peschel <spam.org> wrote: 

    I don't think Triple-DES falls to the linear and differential
    attacks.
     

    It only has to be factor of two faster. Matsui's attack, IIRC, is 2^43,
    whereas brute-force is 2^56. That's definitely significant. The
    attack isn't practical in most cirstances because of the number of
    plaintext-ciphertext pairs you need, but that doesn't matter for an
    academic break.

    I've seen references to a time-space tradeoff attack which could break
    (practically) a DES key with 1TB of storage and just a few days
    computation time on a PC, but the only details I found also involved a
    custom FPGA. Anyway, if it's so, DES-breaking for anyone interested
    and only moderately well-off is already here, and DES-breaking for the
    masses is right around the corner.

    --
    Matthew T. Russotto net
    "Extremism in defense of liberty is no vice, and moderation in pursuit
    of justice is no virtue." But extreme restriction of liberty in pursuit of
    a modi of security is a very expensive vice.
    Matthew Guest

  16. #16

    Default Re: AES-128 good enough for medical data?

    > AES-128 itself is the last of your worries. No world record attempts will 

    Just a thought... (Perhaps my ignorance...)

    Wouldn't a more significant threat be an advance in the theory of
    cryptysis, rather than an increase in raw computing power? Ya
    know, that whole "work smarter, not harder..."

    I haven't heard of any cut and dry descriptions of how fast this sort
    of thing happens (like Moore's law)... (Let's call it Baker's Law! :)
    )

    (Please feel free to post links... As I am just beginning to learn
    about crypto in general)

    Thanks!

    Jon
    Jonathan Guest

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139