# Re: Algorithms to generate permutations

**From:** Tom St Denis (*tomstdenis_at_gmail.com*)

**Date:** 08/02/05

**Next message:** vedaal: "Re: *secure* (non-OTP) pencil and paper systems ?"
**Previous message:** Crypto_at_S.M.S: "Re: Using MGF1 for key generation"
**In reply to:** Unruh: "Re: Algorithms to generate permutations"
**Next in thread:** Crypto_at_S.M.S: "Re: Algorithms to generate permutations"
**Reply:** Crypto_at_S.M.S: "Re: Algorithms to generate permutations"
**Reply:** Unruh: "Re: Algorithms to generate permutations"

Date: 2 Aug 2005 06:00:02 -0700

Unruh wrote:

> It IS. Most block cyphers are concatenations of primitive encryption steps
> (rounds). You could stop after 1,2,3,4 rounds and you would have an
> encryption. Usually weak. It is the concatenation of the multiple
> encryptions that is strong.

There is a difference between adding rounds to AES and adding CAST5 to AES.

AES has a well defined round structure [e.g. branch=25 over 4R]. This makes the analysis much easier. There is a reason why it has 10 rounds and not 4 or 3 or 7 or 5 or ... What does tacking on CAST5 buy you that you can actually sit here and prove?

Does that mean AES is provably CCA-IND immune? No. But it's among the best we can do with the resource constraints in place.

And frankly, I'd be really surprised if AES-128 is broken [*] in the next 10 years, broken to the point of unusable in the next 20.

I mean of all the attacks out there none of them can actually break the design. * So a totally new line of attack will have to be devised. Do I think this is possible? Yes. Does this make it the likely threat vector? No.

There are way more things to concern yourself with than what cipher you choose...

If you're really that threatened then design a protocol that is agnostic to the underlying cipher/hash/etc and upgrade as required.

Tom
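The "branch=25 over 4R" remark above is the wide-trail argument: the AES MixColumns matrix is MDS over GF(2^8), so its differential branch number is 5, and the four-round propagation theorem turns that into at least 5 x 5 = 25 active S-boxes in any 4-round trail. The following Python is an added example, not code from the post or from any AES implementation; it checks the MDS property by computing every minor of the MixColumns matrix over GF(2^8), confirms the branch number with a search over sparse input differences, and squares it for the 4-round bound. It only inspects the linear layer (the theorem also relies on ShiftRows spreading each column's bytes into distinct columns, which is assumed rather than modelled), and the identity matrix is included as a constructed contrast case with no diffusion.

```python
"""Added example: verify the branch-number fact behind "branch=25 over 4R".

Checks that the AES MixColumns matrix is MDS over GF(2^8) (branch number 5)
and derives the wide-trail lower bound of 25 active S-boxes over 4 rounds.
Only the diffusion matrix is examined; no encryption is performed.
"""
from itertools import combinations, product

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial

MIXCOLUMNS = [[2, 3, 1, 1],
              [1, 2, 3, 1],
              [1, 1, 2, 3],
              [3, 1, 1, 2]]

# Constructed contrast case: a linear layer with no diffusion at all.
IDENTITY4 = [[int(i == j) for j in range(4)] for i in range(4)]


def gf_mul(a, b):
    """Multiply two bytes as elements of GF(2^8): shift-and-add, reducing mod AES_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_det(m):
    """Determinant over GF(2^8) by Laplace expansion along the first row.
    In characteristic 2 every cofactor sign is +1, so the expansion is a plain XOR sum."""
    if len(m) == 1:
        return m[0][0]
    d = 0
    for j, entry in enumerate(m[0]):
        minor = [row[:j] + row[j + 1:] for row in m[1:]]
        d ^= gf_mul(entry, gf_det(minor))
    return d


def is_mds(m):
    """An n x n matrix is MDS iff every square submatrix is nonsingular,
    which is equivalent to its branch number being n + 1."""
    n = len(m)
    for k in range(1, n + 1):
        for rows in combinations(range(n), k):
            for cols in combinations(range(n), k):
                if gf_det([[m[r][c] for c in cols] for r in rows]) == 0:
                    return False
    return True


def apply(m, x):
    """Matrix-vector product over GF(2^8), i.e. MixColumns on one column."""
    out = []
    for row in m:
        acc = 0
        for coeff, byte in zip(row, x):
            acc ^= gf_mul(coeff, byte)
        out.append(acc)
    return out


def weight(v):
    """Number of nonzero bytes (active bytes) in a column."""
    return sum(1 for b in v if b)


def sparse_branch_bound(m, max_weight=1):
    """min wt(x) + wt(M x) over nonzero x with at most max_weight nonzero bytes.
    Minimising over a subset of inputs gives an upper bound on the branch number;
    for an MDS matrix the weight-1 inputs already attain the exact value."""
    n = len(m)
    best = 2 * n
    for k in range(1, max_weight + 1):
        for positions in combinations(range(n), k):
            for values in product(range(1, 256), repeat=k):
                x = [0] * n
                for p, v in zip(positions, values):
                    x[p] = v
                best = min(best, weight(x) + weight(apply(m, x)))
    return best


def branch_number(m):
    """Exact differential branch number, certified by the minor test (MDS => n + 1)
    and cross-checked against the sparse search."""
    n = len(m)
    if not is_mds(m):
        raise ValueError("matrix is not MDS; only sparse_branch_bound() applies")
    assert sparse_branch_bound(m) == n + 1
    return n + 1


def four_round_active_sboxes(m):
    """Wide-trail bound: any 4-round trail has at least B^2 active S-boxes,
    where B is the branch number of the diffusion matrix (25 for AES)."""
    return branch_number(m) ** 2


if __name__ == "__main__":
    print("MixColumns is MDS:", is_mds(MIXCOLUMNS))
    print("branch number:", branch_number(MIXCOLUMNS))
    print("min active S-boxes over 4 rounds:", four_round_active_sboxes(MIXCOLUMNS))
    print("identity matrix sparse bound:", sparse_branch_bound(IDENTITY4))
```

The minor test is what makes the branch number a proof rather than an observation: 69 determinants over GF(2^8) certify the bound for all 2^32 - 1 input differences, which is exactly the kind of statement the post says you cannot make about bolting a second, unrelated cipher onto AES.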
