Re: Cohen's paper on byte order
From: Brian Gladman (fake@nowhere.org)
Date: 04/16/03
From: "Brian Gladman" <fake@nowhere.org> Date: Wed, 16 Apr 2003 09:42:29 +0100
"Mok-Kong Shen" <mok-kong.shen@t-online.de> wrote in message
news:3E9C7967.832694D4@t-online.de...
>
> Eugene Starokoltsev wrote:
> >
[snip]
> > > I yet remain of the opinion (until there is very clear
> > > evidence to the opposite) that we are discussing
> > > a phantom problem.
> >
> > I agree with Dr. Gwyn that the problem exists but think it is
> > theoretical only. Formally the specifications of communication
> > protocols referencing AES without specifying bit order are incomplete.
> > But practically there is no problem.
>
> What I have been arguing is that there is not even
> a 'theoretical' problem!
You are arguing at cross purposes. There is no theoretical problem with the
specification - if it is implemented precisely as specified everything will
work. But this would be an inefficient version and is not, therefore, the
normal way that AES is implemented.
But here there is a potential practical problem since the FIPS allows two
different versions of AES to be built - versions that cannot talk to each
other.
But the FIPS is written in a way that ensures, for all practical purposes,
that only the wanted one of these exists. Moreover the wrong version would
not pass any of the AES tests. Hence, as far as is known, this situation
has not caused any real practical problems.
This is easy to fix in principle but I doubt that it will be easy to obtain
a change to the FIPS.
But for those with an interest I have updated my own version of the
specification at:
http://fp.gladman.plus.com/cryptography_technology/rijndael/spec.v36.pdf
to remove this problem.
Brian Gladman