Re: Generate a one-time pad from say a 256bit key?
Paul Rubin wrote:
"Tom St Denis" <tomstdenis@xxxxxxxxx> writes:
Serpent is a decent choice, not nearly as fast as Rijndael.

Serpent might be faster than AES-128 if you use a bit-slice
implementation with x86 XMM instructions. I don't know if anyone has
tried that yet. Probably not worthwhile. Some of the Ecrypt stream
cipher candidates are way faster than AES and look promising in terms
of security. Block ciphers have a property (i.e., invertibility)
which is not necessary for many uses of crypto, and which appears to
be somewhat expensive. We're in the habit of using them because of
history starting with DES, but it's sort of as if public-key crypto
had been invented earlier than secret-key, and we got in the habit of
using RSA even for symmetric encryption, despite its slow speed. But
we should be looking to switch to stream ciphers, now that we have a
better understanding of what we want our primitives to do.

You are missing a crucial point here though. I'm not a standards
fanboi or somesuch. I truly believe that AES is both efficient and can
be used in a secure fashion. If Ecrypt produces a winner [or
winners] which then become standardized, well documented and are both
secure and fast then sure go for it.

For example, NESSIE produced Whirlpool, Anubis and Khazad. I have no
problems recommending them if the circumstances warrant. They're all
decently efficient [Anubis basically being an optimized Rijndael],
secure, etc. Serpent and RC4 are not standards. Maybe if AES was
shown to be weak I'd consider recommending the other AES finalists.

Tom
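The point Paul makes above (a stream cipher needs no invertible primitive, and encryption and decryption are the same operation) and the thread's title question (a "one-time pad" expanded from a 256-bit key is really a stream cipher keystream, not an OTP) can both be shown in a few lines. The following is an added illustration, not code from either poster and not a vetted cipher: it builds a keystream from HMAC-SHA-256 in counter mode, purely to show that a one-way function is enough. The key, nonce and messages are constructed sample values. A practitioner would reach for AES-CTR or ChaCha20 instead of this construction; the nonce-reuse demonstration at the end applies to all of them.

```python
import hashlib
import hmac

# Constructed sample inputs for the demonstration (not from the thread).
SAMPLE_KEY = bytes(range(32))               # a 256-bit key
SAMPLE_NONCE = b"\x00" * 12                 # per-message nonce, must never repeat under one key


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand a 256-bit key and a nonce into `length` keystream bytes.

    Illustration only: HMAC-SHA-256 keyed with `key`, applied to
    nonce || counter for counter = 0, 1, 2, ...  SHA-256 has no inverse,
    which is exactly the point: a keystream generator never needs one.
    """
    if len(key) != 32:
        raise ValueError("key must be 32 bytes (256 bits)")
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: XOR the message with the keystream."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


# Decryption is literally the same function: XOR with the same keystream.
decrypt = encrypt


def nonce_reuse_leak(key: bytes, nonce: bytes, m1: bytes, m2: bytes) -> bytes:
    """Why this is not a one-time pad: encrypt two messages under the same
    key and nonce and XOR the ciphertexts. The keystream cancels and the
    attacker learns m1 XOR m2 without knowing the key."""
    c1 = encrypt(key, nonce, m1)
    c2 = encrypt(key, nonce, m2)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    msg = b"attack at dawn"
    ct = encrypt(SAMPLE_KEY, SAMPLE_NONCE, msg)
    assert decrypt(SAMPLE_KEY, SAMPLE_NONCE, ct) == msg
    leak = nonce_reuse_leak(SAMPLE_KEY, SAMPLE_NONCE, b"attack at dawn", b"retreat at ten")
    print("ciphertext:", ct.hex())
    print("m1 XOR m2 recovered from nonce reuse:", leak.hex())
```

The keystream is a deterministic function of (key, nonce, counter), so a fresh nonce per message is what keeps the "pad" from being reused; a true one-time pad has no such expansion step and needs no nonce because its key is as long as the message and used once.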
