Re: AES-128 good enough for medical data?
From: Joe Peschel (jpeschel_at_no.spam.org)
Date: 09/12/03
Date: Fri, 12 Sep 2003 05:21:47 -0000
Bryan Olson <fakeaddress@nowhere.org> wrote in
news:Utb8b.1152$RE5.7@newssvr27.news.prodigy.com:
> Joe Peschel wrote:
>
> > Matthew Russotto wrote:
> >
> >>Joe Peschel <jpeschel@no.spam.org> wrote:
> >>>Ah, but DES wasn't actually broken, at least not in the "academic"
> >>>sense. The attack, a successful one, was a brute-force search of the
> >>>key space.
> >>
> >>Nope, there were several academic breaks as well. However, they are
> >>"chosen plaintext" attacks, and require an unlikely number of
> >>plaintext-ciphertext pairs for most applications.
> >
> > Nope? Matt, what George and I were talking about was the distributed
> > exhaustive key search in 1997. This was not an "academic" break.
> >
> > I don't think we can consider the attacks of Biham, and, later, Matsui
> > breaks in that the attacks, with their attendant workload, aren't
> > significantly faster than brute-force.
>
> But you can't have it both ways, saying it wasn't broken in the
> academic sense and then saying the academic attacks don't count
> because of impractical assumptions or high workload.
>
> The first demonstrated break of DES was 'in the "academic"
> sense' by Matsui's linear cryptanalysis; the attack had a much
> smaller workload than brute-force search. Later it was broken
> in the practical sense by distributed net attacks and the EFF's
> machine. What's worse, it fell while data it was approved to
> protect was still sensitive.
>
>
Did it seem like I was trying to have it both ways? I didn't intend that.
I think it's a mistake to say that DES is broken when we really mean it's
broken because of its short and searchable key space. Saying that it is
broken, without mentioning the searchable key space business, might lead
people to believe that there is some weakness, other than the short key,
with the cipher itself. That might cause people to shun Triple-DES.

As I recall, Schneier defined an academic break as a successful attack
that is significantly faster than brute-force. Neither Biham's nor Matsui's
attack seems, to me anyway, significantly faster than brute-force. I'm not
really sure how much faster "significantly faster" is. Is there a rule of
thumb?
J
--
__________________________________________
When will Bush come to his senses?
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________