I disagree that the title is click bait. The AES standard is only defined for 128, 192 and 256 bits [1], but in the title the author mentioned breaking AES-1024.
So it is clear to technical readers that the title contains a joke, which will be explained in the article (the joke turns out to be poorly written software).
This was discussed before, but just in case, there's no such thing as "AES-1024". AES has only three specified variants, 128, 192, and 256.
"1024 bit" encryption generally refers to RSA, or similar public-key cryptosystems. The name is misleading. RSA-1024 is not 8x more secure than AES-128. Public key systems need larger keys than symmetric systems, like AES.
However the software described in the article works it is surely proprietary, and probably lying about its strength.
This analysis shows again that it is difficult to roll a custom cryptographic algorithm and also that the level of security of a solution does not depend on the number of encryptions performed.
Correct me if I am wrong, but isn't AES a group, like DES? If so, encrypting twice under keys of the same strength is the same as encrypting once, with a different key.
This is why, e.g., 3-DES uses encryption-decryption-encryption, under different keys.
Technically yes, but that different key might not be computed efficiently (of course no guarantee for that, but no guarantee against that as well). To my knowledge 3DES's construction is only for seamless upgrading, where putting the original 56-bit key three times gives a 3DES key.
I watched the CCC video and I understand that he found a security flaw that makes it less secure that appears, but it still takes as long to brute force as AES 128, right? So by "practical" he lowered the brute force by a lot, but still not enough to realistically brute force it. It would have been nice if he mentioned the naive key space and what he reduced it to.
