Re: ECC in Botan?




"Ertugrul Söylemez" <es@xxxxxxxx> wrote in message
news:h73at4$r2d$1@xxxxxxxxxxxxxxxxxx
George Orwell wrote:
"Ertugrul Söylemez" <es@xxxxxxxx> wrote in message
news:h72ulp$bm5$1@xxxxxxxxxxxxxxxxxx
George Orwell wrote:

Why do you need RSA-4096? Why are RSA-2048 or RSA-1536 inadequate?

My goal is to create an encryption protocol whose strength is beyond
reproach and hopefully will never need a second version.

Then using RSA-4096 is the wrong way to go. What you want is not
extraordinarily large key sizes, but a flexible protocol, which can be
adapted to future needs.

My protocol already allows multiple versions, but I'm hoping that I
never need to update it. That's why I'm choosing enormous key-sizes. My
goal is for the protocol to be safe for the next 50 years, taking
exception to the fact that a Quantum Computer may be developed during
that time span, which will most likely make both AES and RSA worthless.

Quantum computers don't defeat AES. Where n is the size of the domain of
an injective function, a quantum computer finds preimages of it in sqrt(n)
steps. This means that it breaks AES-128 in 2^64 steps. I have read
somewhere that such a step will take a considerable amount of time. If
you want to make sure, use AES-192.


If that's true, wouldn't that argue in favor of cascading AES with,
say, Serpent?
