AES test module

Werner Koch wk at
Wed Oct 4 11:19:01 CEST 2000

On Tue, 3 Oct 2000, ernst.molitor at wrote:

> and that of, e.g., Twofish as "high", wouldn't it seem prudent to
> rather err on the safe side and make the largest keysize (with most
> rounds) the default for Rijndael in GnuPG?

IMO it does not make sense to use huge keysizes without any good
reasoning.  The 256 bits used for Twofish are already a marketing
size and given that the reports on Twofish at the time of the AES 2
conference state that the 128 bit keysize has been much better
analyzed than the larger ones, I see no technical reason to go
beyond 128 bits.  If we are talking about the public key encryption,
those keys are only session keys and cracking them by some high
expensive mechanism does not make sense at all.

The story might be different for symmetric only encryption but in
this case you have to remember a passphrase longer than any normal
human being can remember _and_ correctly type in.

I have also strong doubts that the random number generator can
deliver material for a 256 bit key which has more entropy in it than
one for a 128 bit key.  I am even not sure that the RNG has enough
entropy for the 128 bit key.

And I have even more doubts whether we can map a "security" of 256
bits to the behaviour of a user - I guess that is more in the range
of 20 bits.  If you have read the Whitten report you may have
noticed that even a few percent of the users did send a plain text
out while assuming they encrypted it (How may bits would you assign
to this).

I guess that 99% of all networked boxes are easy to trojan and in
this case you are lost anyway.



Werner Koch				GnuPG key:  621CC013
OpenIT GmbH                   

More information about the Gnupg-devel mailing list