Re: Weakness in AES found

From: Jeffrey Goldberg <nobody@xxxxxxxxxxxx>
Date: Fri, 19 Aug 2011 12:29:04 -0500

On 11-08-19 10:00 AM, biject wrote:

One question I have to ask about this. Is that if this was written
and not suppressed during the AES contest itself. Would a different
cipher have been chosen or blessed?

I strongly suspect that something else (or modified) would be chosen.

Maybe its time to take another look at some of the other possible
candidates

I talked about this in another post in this thread, but we don't yet
know what other AES finalists are also subject to this attack. The
authors have already shown that some hash algorithms are subject to the
same sort of attack, so it isn't clear how unique to Rijndael this is. I
strongly suspect that there are loads of graduate students working on
biclique attacks against those right now.

after all it is kind of foolish to put all the eggs in one basket.

There are software suites out there that incorporate all of the AES
finalists. So for many things, it is easy to swap out Rijndael for
something else. Indeed, various network protocols such as TLS have
"negotiation of which ciphers to use" as part of the protocol.

Where it isn't so easy is where there is hardware support. Many chips
are built with hardware support for AES. Because that is a very capital
intensive business, switching is hard.

Cheers,

-j

--
Jeffrey Goldberg http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid
.

Follow-Ups:
- Re: Weakness in AES found
  - From: tom st denis

References:
- Weakness in AES found
  - From: Kulin Remailer
- Re: Weakness in AES found
  - From: Francois Grieu
- Re: Weakness in AES found
  - From: tom st denis
- Re: Weakness in AES found
  - From: Jean-Marc Desperrier
- Re: Weakness in AES found
  - From: Jean-Marc Desperrier
- Re: Weakness in AES found
  - From: unruh
- Re: Weakness in AES found
  - From: biject

Prev by Date: Re: Learning cryptanalysis
Next by Date: Re: an RC4 variant.
Previous by thread: Re: Weakness in AES found
Next by thread: Re: Weakness in AES found
Index(es):
- Date
- Thread

Relevant Pages

Re: Quadruple Algorithms
... occurring" (a fatal flaw being found in AES, ... the most likely attack on your entire system, ... Threat one: Your implementation of AES has an undiscovered ... with the output of one cipher feeding ...
(sci.crypt)
Re: Only people who originally frequent sci.crypt reply to this
... The mode of a cipher is one of the many, ... you need to get right in order to turn a secure algorithm into a secure ... there are no known attacks against AES. ... attack of any kind against a cipher, ...
(sci.crypt)
Quadruple Algorithms
... occurring" (a fatal flaw being found in AES, ... the most likely attack on your entire system, ... Threat one: Your implementation of AES has an undiscovered ... with the output of one cipher feeding ...
(sci.crypt)
Re: Weakness in AES found
... cipher have been chosen or blessed? ... I strongly suspect that something else would be chosen. ... know what other AES finalists are also subject to this attack. ... same sort of attack, so it isn't clear how unique to Rijndael this is. ...
(sci.crypt)
Re: Countering chosen-plaintext attacks
... > way) an attack specific to the design that won't exist until ... Choosing the plaintext or ciphertext. ... another cipher, say, AES in front of it. ...
(sci.crypt)