AES test module
Dr. Ernst Molitor
molitor@mibi02.meb.uni-bonn.de
Wed, 4 Oct 2000 16:18:00 +0200
Dear Werner Koch,
thank you very much for your kind reply. Please accept my apologies
for not mentioning my admiration for providing an AES module for GnuPG
with virtually no delay at all - I simply was too astonished to
acknowledge this in my first message.
>
>IMO it does not make sense to use huge keysizes without any good
>reasoning. The 256 bits used for Twofish are already a marketing
>size and given that the reports on Twofish at the time of the AES 2
>conference state that the 128 bit keysize has been much better
>analyzed than the larger ones, I see no technical reason to go
>beyond 128 bits. If we are talking about the public key encryption,
>those keys are only session keys and cracking them by some highly
>expensive mechanism does not make sense at all.
>
This is acknowledged, but I still want to mention two points.
- Given that Rijndael compares very well with other AES candidates
regarding the processing by current CPUs, using larger keys seems
to be not-too-costly.
- GnuPG lends itself beautifully to uses other than encryption
of email messages, IMHO. At my place of work, I'm using it
to encrypt daily backups of a certain database which are
kept for quite a while; an able attacker might be happy to
break into just one (e.g., the latest) backup. Admittedly,
I can use the larger keysize for just this use of your
fine program.
>I guess that 99% of all networked boxes are easy to trojan and in
>this case you are lost anyway.
Huuuh, this is kind of a dangerous argument, IMHO. Follow this thought
to some extent, and you end up with the judgment that encryption is
futile anyway ;-)
Best wishes and regards,
Ernst