Strongest Key, Hash, and Cypher Algorithms

Atom Smasher atom at smasher.org
Mon Feb 7 22:37:09 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, 7 Feb 2005, Ryan Malayter wrote:

> [From Atom Smasher]
>> i don't like AES...
>
> None of the papers I've read suggest anything close to an attack that is 
> better than brute-force on full-round AES. Although, I have seen some in 
> the crypto field complain Rijndael is just "too simple" to be secure. Of 
> course, the same was said about RC4 many years ago, and AFAIK there are 
> still no attacks better than brute force against the RC4 algorithm 
> itself (protocol issues in WEP don't count).
===================

there have been several successful attacks against RC4, but only 
when it's incorrectly implemented. the lesson here is that some good 
algorithms are weakly implemented... some algorithms are difficult to 
implement correctly. i think elgamal for signatures falls into that 
category.


> Just to edjumacate myself, as W. would say, what are your reasons for 
> disliking AES? I've been using it more and more frequently for VPNs I 
> set up when there is no hardware crypto assist available, since the CPU 
> utilization is so much lower than with 3DES.
================

http://en.wikipedia.org/wiki/AES#Security

 	Some cryptographers worry about the security of AES. They feel 
that the margin between the number of rounds specified in the cipher and 
the best known attacks is too small for comfort. The risk is that some way 
to improve these attacks might be found and that, if so, the cipher could 
be broken. In this meaning, a cryptographic "break" is anything faster 
than an exhaustive search, so an attack against 128-bit key AES requiring 
'only' 2^120 operations would be considered a break even though it would 
be, now, quite infeasible. In practical application, any break of AES 
which is only this 'good' would be irrelevant. For the moment, such 
concerns can be ignored. The largest publicly known brute-force attack 
has been against a 64 bit RC5 key by distributed.net.

 	Another concern is the mathematical structure of AES. Unlike most 
other block ciphers, AES has a very neat mathematical description [2] 
(http://www.macfergus.com/pub/rdalgeq.html), [3] 
(http://www.isg.rhul.ac.uk/~sean/). This has not yet led to any attacks, 
but some researchers are worried that future attacks may find a way to 
exploit this structure.

 	In 2002, a theoretical attack, termed the "XSL attack", was 
announced by Nicolas Courtois and Josef Pieprzyk, showing a potential 
weakness in the AES algorithm. It seems that the attack, if the 
mathematics is correct, is not currently practical as it would have a 
prohibitively high "work factor". There have been claims of considerable 
work factor improvement, however, so the attack technique might become 
practical in the future. On the other hand, several cryptography experts 
have found problems in the underlying mathematics of the proposed attack, 
suggesting that the authors have made a mistake in their estimates. 
Whether this line of attack can be made to work against AES remains an 
open question. For the moment, as far as is publicly known, the XSL attack 
against AES is speculative; it is unlikely that anyone could carry out the 
current attack in practice.



- -- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"There is no such thing at this date of the world's history in
 	 America as an independent press. You know it, and I know it.
 	 There is not one of you who dares to write his honest
 	 opinion, and if you did, you know beforehand it would never
 	 appear in print. I am paid weekly for keeping my honest
 	 opinion out of the paper. Others of you are paid similar
 	 salaries for similar things. And any of you who would be so
 	 foolish as to write honest opinions would be out on the
 	 streets looking for another job.

 	"If I allow my honest opinions to appear in one issue of my
 	 paper, before 24 hours, my occupation would be gone. The
 	 business of the journalist is to destroy the truth, to lie
 	 outright, to pervert, to vilify, to fawn at the feet of
 	 Mammon and to sell his country and his race for his daily
 	 bread. You know it, and I know it, and what folly is this
 	 toasting an independent press? We are the tools and the
 	 vassals of rich men behind the scenes. We are the jumping
 	 jacks. They pull the strings, and we dance. Our talents, our
 	 possibilities and our lives are all the property of other men.

 	 "We are intellectual prostitutes."
 		-- John Swinden, 1953, then head of the New York
 		Times, when asked to toast an independent press
 		in a gathering at the National Press Club.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list