Re: a few questions about AES
- From: "TC" <aatcbbtccctc@xxxxxxxxx>
- Date: 21 Oct 2006 03:40:24 -0700
Antony Clements wrote:
>> You're confusing the length of your key with the strength of your<end snip>
>> cipher. Those two things are not the same. A cipher might have
>> enormously long keys, with incalculable numbers of combinations - and
>> yet be trivially breakable.
> i realise this. i'm just going by what i read which is the strength of the
> cipher is dependent on how the key is generated, the complexity, and how
> many keys there are. if that is a simplistic way of putting it, please by
> all means correct me.
I'm no expert, so someone else will jump in if I get this wrong.
(1) "Complexity". Certainly, the strength of a cipher depends on the
algorithm that it uses. But some of these algorithms are amazingly
simple - you could write them down completely from memory. So, a
"simple" cipher might be very secure, and a "complex" cipher might be
trivially insecure. Rather than saying that the strength of a cipher
depends on the "complexity", I'd say that the strength depends on the
"algorithm (regardless of complexity)".
(2) "How many keys". Phil Carmody put this best. The # of keys
establishes an upper bound on the cipher strength. For example, if there
are only 2^10 keys, then, it is trivially easy to try each key in turn
(a brute force attack). So, few keys => a weak cipher. But the converse
is not necessarily true: many keys does /not/ necessarily => a strong
cipher.
In summary, all you can say, in general, AFAIK, is this:
- a simple algorithm is not necessarily weak;
- a complex algorithm is not necessarily strong;
- "few keys" definitely = a weak cipher;
- "many keys" does not necessarily = a strong cipher.
So there is at least one thing which, if it exists, instantly shows
that a cipher is weak; namely, "having a short key length that can be
brute-forced". But there is nothing which, if it exists, instantly
shows that a cipher is *strong*. A complex method is not necessarily
strong. A large key length is not necessarily strong.
AFAIK, the only way to really establish the strength of a cipher is to
have it cryptanalyzed by a professional cryptographer. General
programming skills are nowhere near enough for this. For example, I've
been a professional software developer for over 30 years; I've written
probably half a million lines of code in many different languages; I've
had an amateur interest in cryptography for several years; but I have
absolutely /no clue/ how to cryptanalyze a cipher to see if it is weak
or strong!
HTH,
TC (MVP MSAccess)
http://tc2.atspace.com
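
The two halves of the summary above, as an added example that is not part of the original post: a repeating-key XOR cipher with 2^128 keys falls to 16 bytes of known plaintext with no search at all, while a keystream built on SHAKE-256 is still broken by trying all 2^10 keys. Both ciphers, the sample message and the key value 777 are constructed for illustration.

```python
import hashlib
import os

MESSAGE = b"Constructed sample: meet at the usual place at nine."  # made-up plaintext
KNOWN = MESSAGE[:16]  # assumption: the analyst knows the first 16 plaintext bytes

def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Toy 'many keys' cipher: repeating-key XOR (same call encrypts and decrypts)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_xor_key(ciphertext: bytes, known: bytes, key_len: int) -> bytes:
    """Each key byte is ciphertext XOR plaintext, so no key search is needed."""
    if len(known) < key_len:
        raise ValueError("need key_len bytes of known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known))

def tiny_cipher(data: bytes, key: int) -> bytes:
    """Toy 'few keys' cipher: SHAKE-256 keystream, but only a 10-bit key."""
    stream = hashlib.shake_256(key.to_bytes(2, "big")).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))

def brute_force_tiny(ciphertext: bytes, known: bytes) -> list:
    """Try all 2^10 keys; keep those whose decryption starts with the known text."""
    return [k for k in range(2 ** 10) if tiny_cipher(ciphertext, k).startswith(known)]

def demo():
    big_key = os.urandom(16)  # one of 2^128 possible keys
    ct_big = xor_cipher(MESSAGE, big_key)
    found_big = recover_xor_key(ct_big, KNOWN, 16)
    ct_small = tiny_cipher(MESSAGE, 777)  # 777 is an arbitrary key below 2^10
    found_small = brute_force_tiny(ct_small, KNOWN)
    # (key recovered?, full plaintext recovered with it, surviving 10-bit keys)
    return big_key == found_big, xor_cipher(ct_big, found_big), found_small

if __name__ == "__main__":
    print(demo())
```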