Strongest Key, Hash, and Cypher Algorithms

Wesley Tabadore wesley.tabadore at
Mon Feb 7 22:56:31 CET 2005


This is great information!  Can you provide such an analysis for TWOFISH?

How about for the asymmetric algorithms supported by GPG?  

There is so much data to sort through out there, it is difficult to
come up with the consise explanations and feedback you have given thus
far.  Would really apreciate more on the other options.  :-)



On Mon, 7 Feb 2005 16:37:09 -0500 (EST), Atom Smasher <atom at> wrote:
> Hash: SHA256
> On Mon, 7 Feb 2005, Ryan Malayter wrote:
> > [From Atom Smasher]
> >> i don't like AES...
> >
> > None of the papers I've read suggest anything close to an attack that is
> > better than brute-force on full-round AES. Although, I have seen some in
> > the crypto field complain Rijndael is just "too simple" to be secure. Of
> > course, the same was said about RC4 many years ago, and AFAIK there are
> > still no attacks better than brute force against the RC4 algorithm
> > itself (protocol issues in WEP don't count).
> ===================
> there have been several succesful attacks against against RC4, but only
> when it's incorectly implemented. the lesson here is that some good
> algorithms are weakly implemented... some algorithms are difficult to
> implement correctly. i think elgamal for signatures falls into that
> category.
> > Just to edjumacate myself, as W. would say, what are your reasons for
> > disliking AES? I've been using it more and more frequently for VPNs I
> > set up when there is no hardware crypto assist available, since the CPU
> > utilization is so much lower than with 3DES.
> ================
>        Some cryptographers worry about the security of AES. They feel
> that the margin between the number of rounds specified in the cipher and
> the best known attacks is too small for comfort. The risk is that some way
> to improve these attacks might be found and that, if so, the cipher could
> be broken. In this meaning, a cryptographic "break" is anything faster
> than an exhaustive search, so an attack against 128-bit key AES requiring
> 'only' 2120 operations would be considered a break even though it would
> be, now, quite infeasible. In practical application, any break of AES
> which is only this 'good' would be irrelevant. For the moment, such
> concerns can be ignored. The largest publically-known brute-force attack
> has been against a 64 bit RC5 key by
>        Another concern is the mathematical structure of AES. Unlike most
> other block ciphers, AES has a very neat mathematical description [2]
> (, [3]
> ( This has not yet led to any attacks,
> but some researchers are worried that future attacks may find a way to
> exploit this structure.
>        In 2002, a theoretical attack, termed the "XSL attack", was
> announced by Nicolas Courtois and Josef Pieprzyk, showing a potential
> weakness in the AES algorithm. It seems that the attack, if the
> mathematics is correct, is not currently practical as it would have a
> prohibitively high "work factor". There have been claims of considerable
> work factor improvement, however, so the attack technique might become
> practical in the future. On the other hand, several cryptography experts
> have found problems in the underlying mathematics of the proposed attack,
> suggesting that the authors have made a mistake in their estimates.
> Whether this line of attack can be made to work against AES remains an
> open question. For the moment, as far as is publicly known, the XSL attack
> against AES is speculative; it is unlikely that anyone could carry out the
> current attack in practice.
> - --
>         ...atom
>  _________________________________________
>  PGP key -
>  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
>  -------------------------------------------------
>        "There is no such thing at this date of the world's history in
>         America as an independent press. You know it, and I know it.
>         There is not one of you who dares to write his honest
>         opinion, and if you did, you know beforehand it would never
>         appear in print. I am paid weekly for keeping my honest
>         opinion out of the paper. Others of you are paid similar
>         salaries for similar things. And any of you who would be so
>         foolish as to write honest opinions would be out on the
>         streets looking for another job.
>        "If I allow my honest opinions to appear in one issue of my
>         paper, before 24 hours, my occupation would be gone. The
>         business of the journalist is to destroy the truth, to lie
>         outright, to pervert, to vilify, to fawn at the feet of
>         Mammon and to sell his country and his race for his daily
>         bread. You know it, and I know it, and what folly is this
>         toasting an independent press? We are the tools and the
>         vassals of rich men behind the scenes. We are the jumping
>         jacks. They pull the strings, and we dance. Our talents, our
>         possibilities and our lives are all the property of other men.
>         "We are intellectual prostitutes."
>                -- John Swinden, 1953, then head of the New York
>                Times, when asked to toast an independent press
>                in a gathering at the National Press Club.
> Version: GnuPG v1.4.0 (FreeBSD)
> Comment: What is this gibberish?
> Comment:
> iQEcBAEBCAAGBQJCB9+NAAoJEAx/d+cTpVcitjgH/3OVMpY8QXblFfvrmeaG86/A
> ZJ7H+eqbMKKtIWexYpcthlNdbm2le9TNdx0b5BhiWVJot0R+8XncMYvLtP5z/dMR
> WdowPoZ2f1EzpXDOwLS4rTEQG7GgcJnSYTBch9ow7A3D03z4XG8Q6wVla2Gn1Sum
> JpmnL2Wm/aC6y/iK+JCy1s9Psq3yka+yuo+8vPJd4t3vZnwKZFMLs2TuJUqpMHiT
> ocooXsjKPIPADxvg+0b5W+iDUs/dBvX3Y/Q+wG5HoD/x34pcyBTnaib/XEqF7N0I
> OH/Gw16DB7CA69dzOtikE0dyvBaFENkFNbHxytls043DI89cRSAiu+EYL+fZPq4=
> =CfPS
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

More information about the Gnupg-users mailing list