AES test module

Werner Koch wk@gnupg.org
Wed, 4 Oct 2000 10:19:01 +0200


On Tue, 3 Oct 2000, ernst.molitor@uni-bonn.de wrote:


> and that of, e.g., Twofish as "high", wouldn't it seem prudent to
> rather err on the safe side and make the largest keysize (with most
> rounds) the default for Rijndael in GnuPG?

IMO it does not make sense to use huge keysizes without any good reasoning. The 256 bits used for Twofish are already a marketing size and given that the reports on Twofish at the time of the AES 2 conference state that the 128 bit keysize has been much better analyzed than the larger ones, I see no technical reason to go beyond 128 bits.

If we are talking about the public key encryption, those keys are only session keys and cracking them by some highly expensive mechanism does not make sense at all. The story might be different for symmetric only encryption but in this case you have to remember a passphrase longer than any normal human being can remember _and_ correctly type in.

I also have strong doubts that the random number generator can deliver material for a 256 bit key which has more entropy in it than one for a 128 bit key. I am not even sure that the RNG has enough entropy for the 128 bit key.

And I have even more doubts whether we can map a "security" of 256 bits to the behaviour of a user - I guess that is more in the range of 20 bits. If you have read the Whitten report you may have noticed that even a few percent of the users did send a plain text out while assuming they encrypted it (How many bits would you assign to this?). I guess that 99% of all networked boxes are easy to trojan and in this case you are lost anyway.

Ciao,

  Werner

-- 
Werner Koch
GnuPG key: 621CC013
OpenIT GmbH
http://www.OpenIT.de