Re: Algorithms to generate permutations

Date: 08/02/05

Date: Tue, 02 Aug 2005 23:08:32 +1000

Tom St Denis wrote:

> Unruh wrote:
>>It IS. Most block cyphers are concatenations of primitive encryption steps
>>(rounds). You could stop after 1,2,3,4 rounds and you would have an
>>encryption. Usually weak. It is the concatenation of the multiple
>>encryptions that is strong.
> There is a difference between adding rounds to AES and adding CAST5 to
> AES.
> AES has a well defined round structure [e.g. branch=25 over 4R]. This
> makes the analysis much easier. There is a reason why it has 10 rounds
> and not 4 or 3 or 7 or 5 or ... What does tacking on CAST5 buy you
> that you can actually sit here and prove?

It buys you strength against future successful attacks against AES.
Just because a new technique works against AES does not mean it will
work against CAST.

> Does that mean AES is provably CCA-IND immune? No. But it's among the
> best we can do with the resource constraints in place.
> And frankly, I'd be really surprised if AES-128 is broken [*] in the
> next 10 years, broken to the point of unusable in the next 20.

The Nazis were probably surprised when Enigma was broken.

> I mean of all the attacks out there none of them can actually break the
> design. * So a totally new line of attack will have to be devised. Do
> I think this is possible? Yes. Does this make it the likely threat
> vector? No.

Likely? Maybe not. Possible? You already said "yes", thus indicating
the need for multiple encryption.

> There are way more things to concern yourself with than what cipher you
> choose...
> If you're really that threatened then design a protocol that is agnostic
> to the underlying cipher/hash/etc and upgrade as required.

Good idea. That's precisely why CryptoSMS has plug-in ciphers.
New ones are added to the mix all the time.
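The two design points argued over in this exchange, a cascade of independent ciphers as a hedge against a break of any one of them and an envelope that names its primitives so they can be swapped out later, are shown together below. This is an added example written for this page; it is not CryptoSMS code, not its wire format, and not anything Tom St Denis or Unruh posted. To stay on the standard library it uses two stand-in stream ciphers (HMAC-SHA256 and HMAC-SHA3-256 run in counter mode) in place of AES and CAST5; the version tag `CS1`, the cipher names, the header layout and all keys and messages are constructed for the illustration.

```python
import hmac
import os
import struct

VERSION = b"CS1"   # hypothetical version tag, not the CryptoSMS wire format
NONCE_LEN = 16
TAG_LEN = 32


def _hmac_ctr_keystream(hash_name):
    """Stream-cipher primitive: HMAC-<hash> as a PRF run in counter mode.

    Stand-ins for AES and CAST5 so the example needs only the stdlib; the two
    registered instances rest on different hash families (SHA-2 and SHA-3).
    """
    def keystream(key, nonce, length):
        out, counter = bytearray(), 0
        while len(out) < length:
            out += hmac.new(key, nonce + struct.pack(">Q", counter), hash_name).digest()
            counter += 1
        return bytes(out[:length])
    return keystream


# Plug-in registry. Each message names the primitives it used in its header, so
# a newer registry still reads old messages, and removing an entry makes
# messages that depend on the retired primitive fail closed.
CIPHERS = {
    "hmac-sha256-ctr": _hmac_ctr_keystream("sha256"),
    "hmac-sha3-256-ctr": _hmac_ctr_keystream("sha3_256"),
}


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def encode_header(names, nonce):
    header = VERSION + bytes([len(names)])
    for name in names:
        raw = name.encode("ascii")
        header += bytes([len(raw)]) + raw
    return header + nonce


def decode_header(blob):
    """Return (cipher names in encryption order, nonce, offset of the body)."""
    if blob[:len(VERSION)] != VERSION:
        raise ValueError("unknown envelope version")
    pos, names = len(VERSION) + 1, []
    for _ in range(blob[len(VERSION)]):
        n = blob[pos]
        names.append(blob[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    nonce = blob[pos:pos + NONCE_LEN]
    if len(nonce) != NONCE_LEN:
        raise ValueError("truncated header")
    return names, nonce, pos + NONCE_LEN


def cascade_encrypt(names, keys_by_name, mac_key, plaintext):
    """Apply each named primitive in turn, each under its own independent key.

    Key independence is what makes the cascade a hedge: an attack that recovers
    one layer's key from that layer's keystream still faces the other layers.
    """
    nonce, body = os.urandom(NONCE_LEN), plaintext
    for i, name in enumerate(names):
        if name not in CIPHERS:
            raise ValueError("unsupported cipher: " + name)
        # per-layer nonce suffix keeps keystreams distinct even if two layers
        # were mistakenly given the same key
        stream = CIPHERS[name](keys_by_name[name], nonce + bytes([i]), len(body))
        body = _xor(body, stream)
    header = encode_header(names, nonce)
    # Encrypt-then-MAC over header and body: the algorithm list is authenticated,
    # so a message cannot be downgraded to fewer or weaker layers in transit.
    return header + body + hmac.new(mac_key, header + body, "sha256").digest()


def cascade_decrypt(keys_by_name, mac_key, blob):
    if len(blob) < TAG_LEN:
        raise ValueError("truncated message")
    signed, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, signed, "sha256").digest(), tag):
        raise ValueError("MAC check failed")
    names, nonce, start = decode_header(signed)   # parse only after authentication
    body = signed[start:]
    for i in reversed(range(len(names))):
        if names[i] not in CIPHERS:
            raise ValueError("unsupported cipher: " + names[i])
        stream = CIPHERS[names[i]](keys_by_name[names[i]], nonce + bytes([i]), len(body))
        body = _xor(body, stream)
    return body


def _rejects(keys, mac_key, blob):
    try:
        cascade_decrypt(keys, mac_key, blob)
    except ValueError:
        return True
    return False


def self_check():
    """Exercise the envelope on a constructed message; returns property -> bool."""
    keys, mac_key = {n: os.urandom(32) for n in CIPHERS}, os.urandom(32)
    msg = b"constructed sample message"
    blob = cascade_encrypt(["hmac-sha256-ctr", "hmac-sha3-256-ctr"], keys, mac_key, msg)
    results = {"roundtrip": cascade_decrypt(keys, mac_key, blob) == msg}

    tampered = bytearray(blob)          # flip a bit inside the algorithm list
    tampered[4] ^= 0x01
    results["tamper_rejected"] = _rejects(keys, mac_key, bytes(tampered))

    wrong = dict(keys)                  # knowing only the other layer's key is not enough
    wrong["hmac-sha256-ctr"] = os.urandom(32)
    results["one_key_insufficient"] = cascade_decrypt(wrong, mac_key, blob) != msg

    unknown = encode_header(["retired-cipher"], os.urandom(NONCE_LEN)) + msg
    unknown += hmac.new(mac_key, unknown, "sha256").digest()   # valid MAC, unknown primitive
    results["unknown_cipher_rejected"] = _rejects(keys, mac_key, unknown)
    return results
```

Two caveats a practitioner would want alongside this. First, the layer keys must be generated independently; deriving them all from one master secret through a single hash would put that hash back in as a single point of failure. Second, the known result on cascades (Maurer and Massey) is that a cascade with independent keys is at least as strong as its first cipher, not necessarily as strong as its strongest, so the hedge is against a break of any one primitive, not a proof of added strength. The MAC here is itself one fixed primitive; in a fully agile design it would be named in the header and registered the same way the ciphers are.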

