In 2002, a theoretical attack, termed the "XSL attack", was announced by Nicolas Courtois and Josef Pieprzyk, showing a potential weakness in the AES algorithm. It seems that the attack, if the mathematics is correct, is not currently practical as it would have a prohibitively high "work factor". There have been claims of considerable work factor improvement, however, so the attack technique might become practical in the future. On the other hand, several cryptography experts have found problems in the underlying mathematics of the proposed attack, suggesting that the authors have made a mistake in their estimates. Whether this line of attack can be made to work against AES remains an open question. For the moment, as far as is publicly known, the XSL attack against AES is speculative; it is unlikely that anyone could carry out the current attack in practice.In April 2005, Daniel_J._Bernstein announced a cache timing attack that breaks most practical AES implementations, and applied it to break OpenSSL when using AES encryption. The attack is against practical implementations but appears hard to defend against because of the AES structure.