Re: Algorithms to generate permutations

From: Tom St Denis (tomstdenis_at_gmail.com)
Date: 08/02/05


Date: 2 Aug 2005 06:00:02 -0700

Unruh wrote:
> It IS. Most block cyphers are concatenations of primitive encryption steps
> (rounds). You could stop after 1,2,3,4 rounds and you would have an
> encryption. Usually weak. It is the concatenation of the multiple
> encryptions that is strong.

There is a difference between adding rounds to AES and adding CAST5 to
AES.

AES has a well defined round structure [e.g. branch=25 over 4R]. This
makes the analysis much easier. There is a reason why it has 10 rounds
and not 4 or 3 or 7 or 5 or ... What does tacking on CAST5 buy you
that you can actually sit here and prove?

Does that mean AES is provably CCA-IND immune? No. But it's among the
best we can do with the resource constraints in place.

And frankly, I'd be really surprised if AES-128 is broken [*] in the
next 10 years, broken to the point of unusable in the next 20.

I mean of all the attacks out there none of them can actually break the
design. * So a totally new line of attack will have to be devised. Do
I think this is possible? Yes. Does this make it the likely threat
vector? No.

There are way more things to concern yourself with than what cipher you
choose...

If you're really that threatened then design a protocol that is agnostic
to the underlying cipher/hash/etc and upgrade as required.

Tom
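
A sketch of the algorithm-agnostic design suggested at the end of the post above. This is an added example, not part of the original message: it uses HMAC from the Python standard library as a stand-in for "cipher/hash/etc", and the one-byte algorithm ids, the wire layout and the function names are all constructed for illustration. The points it shows are that the algorithm id is covered by the tag and that the reader enforces its own accept-list, so a retired algorithm cannot be selected by whoever wrote the message.

```python
import hashlib
import hmac

# Constructed registry: wire id -> hash used for HMAC. Ids are this example's own.
ALGS = {1: hashlib.sha1, 2: hashlib.sha256, 3: hashlib.sha512}
CURRENT = 2        # algorithm used for everything newly written
ACCEPTED = {2, 3}  # what a reader still accepts; id 1 has been retired


class Rejected(Exception):
    """Message failed policy or integrity checks."""


def seal(key: bytes, payload: bytes, alg: int = CURRENT) -> bytes:
    """Return alg_id(1) || tag || payload. The id is covered by the tag."""
    head = bytes([alg])
    tag = hmac.new(key, head + payload, ALGS[alg]).digest()
    return head + tag + payload


def unseal(key: bytes, blob: bytes, accepted=ACCEPTED) -> bytes:
    """Verify and return the payload, refusing ids outside the policy."""
    if not blob or blob[0] not in accepted or blob[0] not in ALGS:
        raise Rejected("algorithm id not accepted")
    hash_fn = ALGS[blob[0]]
    n = hash_fn().digest_size
    if len(blob) < 1 + n:
        raise Rejected("truncated")
    tag, payload = blob[1:1 + n], blob[1 + n:]
    expect = hmac.new(key, blob[:1] + payload, hash_fn).digest()
    if not hmac.compare_digest(tag, expect):
        raise Rejected("bad tag")
    return payload


def upgrade(key: bytes, blob: bytes) -> bytes:
    """Migration path: read under any known id, rewrite under CURRENT."""
    return seal(key, unseal(key, blob, accepted=set(ALGS)))
```

Retiring an algorithm is then a change to `ACCEPTED` and `CURRENT` plus a pass of `upgrade` over stored data, with no change to the message format.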


