Determine AES key given encrypted and unencrypted files

Question

Given an encrypted file, the original unencrypted (cleartext) file, and knowledge of which AES encryption algorithm was used, is it possible to determine the key that was used to encrypt the data in a reasonable period of time?

I am not looking for details on how AES works, just a simple answer.

See also https://crypto.stackexchange.com/questions/1512/why-is-aes-resistant-to-known-plaintext-attacks, https://crypto.stackexchange.com/questions/3952/is-it-possible-to-obtain-aes-128-key-from-a-known-ciphertext-plaintext-pair, https://crypto.stackexchange.com/questions/63883/is-it-possible-to-find-the-key-for-aes-ecb-if-i-have-a-list-of-plaintext-and-cor and other similar questions. — Ilmari Karonen, Dec 07 '18 at 01:10
This is a 2-year old question with an accepted answer. I've moved long past this and have no idea why it's being revived, but thank you @IlmariKaronen — andrewgu, Dec 07 '18 at 22:28
There was a (rather poor) new answer that bumped it to the front page. That answer has since been deleted. But since I noticed that your question is rather similar to a bunch of others here, I figured linking them would be useful. Arguably, some of those questions might even qualify as duplicates, but since they all have decent answers already, closing or merging them would be a lot of work for little if any gain. — Ilmari Karonen, Dec 07 '18 at 22:38

score 6 · Accepted Answer · edited Dec 06 '18 at 15:43

6

The simple answer is no, known plaintext attacks should not be possible on an AES-encrypted file, assuming that AES is applied correctly. No information about the encrypted file or key should be leaked even if the adversary can guesss the contents of "the original unencrypted (cleartext) file".

Beware that any mistake into a protocol specification or implementation may negate the security of AES - and this could include the security of the key used. Point in case: some "AES encrypted" USB devices stored the key next to the ciphertext, in case somebody forgot the password.

edited Dec 06 '18 at 15:43

Maarten Bodewes

92,551
13
161
313

answered Jul 18 '15 at 00:06

Got it. So all AES variants are resistant to known and chosen plaintext attacks? – andrewgu Jul 18 '15 at 00:14
5

As far as is publicly known. $;$ – Jul 18 '15 at 01:01

score 0 · Answer 2 · answered Jul 18 '15 at 04:46

0

No. That would amount to cracking AES, which is not feasible.

answered Jul 18 '15 at 04:46

DeepSpace101

1,697
2
17
24

Determine AES key given encrypted and unencrypted files

2 Answers2

Linked

Related