Re: A doubt...

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 03/28/04


Date: Sun, 28 Mar 2004 07:31:29 +0000 (UTC)

Douglas A. Gwyn wrote:
>Paul Crowley wrote:
>> The idea of unicity distance and related possibilities in information
>> theoretic security often fascinate newcomers to sci.crypt, but they
>> are not directly fertile ground for secure encryption - a conventional
>> cipher is a far better bet.
>
>I would put it that ensuring that key changes faster than the unicity
>distance is a hard task to accomplish, so actual systems tend to fall
>short of that goal. Putting special trust in some system simply because
>it doesn't even try, however, isn't a logical conclusion.

It's not *because* AES doesn't try to be information-theoretically
secure that we trust it; we trust it for other reasons.

Let me put it another way. We don't sit around saying "Oooh, that
scheme has a really small unicity distance, and look, they don't even
mention information theory anywhere in the cipher specification --
therefore it *must* be secure!". That would indeed be silly.

I'll try saying it a third way. The fact that AES is
information-theoretically insecure is neither evidence for the
computational security of AES, nor evidence against the computational
security of AES -- the information-theoretic insecurity of AES is simply
irrelevant to the question of whether AES is computationally secure.
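
Added example, not part of the original post: a sketch of what "information-theoretically insecure" means in practice, and why it says nothing about the work needed to find the key. The toy SHA-256 counter-mode cipher, the 16-bit key, the sample key and plaintext, and the plaintext model (lowercase letters and space only) are all assumptions constructed for this illustration.

```python
import hashlib
import math

# Constructed toy parameters (assumptions for this example, not from the post).
ALPHABET = frozenset(b"abcdefghijklmnopqrstuvwxyz ")  # plaintext model: 27 of 256 byte values
KEY_BITS = 16                                          # small enough to enumerate every key
SECRET_KEY = 0xBEEF
PLAINTEXT = b"unicity distance demo"

def keystream(key, n):
    """Toy stream cipher: SHA-256 over (key || counter), truncated to n bytes."""
    out, counter = b"", 0
    while len(out) < n:
        block = key.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:n]

def encrypt(key, data):
    """XOR with the keystream; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def unicity_distance(key_bits):
    """U = H(K) / D, with redundancy D = 8 - log2(|ALPHABET|) bits per byte."""
    return key_bits / (8 - math.log2(len(ALPHABET)))

def consistent_keys(ciphertext):
    """Every key whose decryption of `ciphertext` stays inside ALPHABET."""
    return [k for k in range(2 ** KEY_BITS)
            if all(b in ALPHABET for b in encrypt(k, ciphertext))]

if __name__ == "__main__":
    ct = encrypt(SECRET_KEY, PLAINTEXT)
    print("unicity distance, 16-bit toy key: %.1f bytes" % unicity_distance(KEY_BITS))
    for n in range(1, 9):
        # Candidates shrink roughly as 2^16 * (27/256)^n until only the real key is left.
        print(n, "ciphertext bytes ->", len(consistent_keys(ct[:n])), "consistent keys")
    # Under the same plaintext model a 128-bit key is pinned down after about
    # 39 bytes, but confirming that this way means enumerating 2^128 keys:
    # the information-theoretic bound is silent about computational cost.
    print("unicity distance, 128-bit key: %.1f bytes" % unicity_distance(128))
```
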


