Re: Algorithms to generate permutations
Crypto_at_S.M.S
Date: 08/02/05
 Next message: Crypto_at_S.M.S: "Re: Using MGF1 for key generation"
 Previous message: Crypto_at_S.M.S: "Re: Algorithms to generate permutations"
 In reply to: Tom St Denis: "Re: Algorithms to generate permutations"
 Next in thread: Tom St Denis: "Re: Algorithms to generate permutations"
 Reply: Tom St Denis: "Re: Algorithms to generate permutations"
 Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 02 Aug 2005 23:08:32 +1000
Tom St Denis wrote:
> Unruh wrote:
>
>>It IS. Most block cyphers are concatenations of primative encryption steps
>>(rounds). YOu could stop after 1,2,3,4 rounds and you would have an
>>encryption. Usually weak. It is the concatenation of the mutiple
>>encryptions that is strong.
>
>
> There is a difference between adding rounds to AES and adding CAST5 to
> AES.
>
> AES has a well defined round structure [e.g. branch=25 over 4R]. This
> makes the analysis much easier. There is a reason why it has 10 rounds
> and not 4 or 3 or 7 or 5 or ... What does tacking on CAST5 buy you
> that you can actually sit here and prove?
>
It buys you strength against future successful attacks against AES.
Just because a new technique works against AES does not mean it will
work against CAST.
> Does that mean AES is provably CCAIND immune? No. But it's among the
> best we can do with the resource constraints in place.
>
> And frankly, I'd be really surprised if AES128 is broken [*] in the
> next 10 years, broken to the point of unusable in the next 20.
>
The Nazis were probably surprised when Enigma was broken.
> I mean of all the attacks out there none of them can actually break the
> design. * So a totally new line of attack will have to be devised. Do
> I think this is possible? Yes. Does this make it the likely threat
> vector? No.
>
Likely? Maybe not. Possible? You already said "yes", thus indicating
the need for multiple encryption.
> There are way more things to concern yourself with then what cipher you
> choose...
>
> If you're really that threaten then design a protocol that is agnostic
> to the underlying cipher/hash/etc and upgrade as required.
>
Good idea. That's precisely why CryptoSMS has plugin ciphers.
New ones are added to the mix all the time.
 Next message: Crypto_at_S.M.S: "Re: Using MGF1 for key generation"
 Previous message: Crypto_at_S.M.S: "Re: Algorithms to generate permutations"
 In reply to: Tom St Denis: "Re: Algorithms to generate permutations"
 Next in thread: Tom St Denis: "Re: Algorithms to generate permutations"
 Reply: Tom St Denis: "Re: Algorithms to generate permutations"
 Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
