On Wed, 20 Mar 2002, David Bryson wrote:
> I spent the last day or so collecting information on all of the ciphers s=
o
> that we could put some documentation in the "help" section of the configs=
=2E
> Attached is my preliminary draft. Please look over it, find spelling
> errors, comment on it, change things. I'll try to get the digests done
> fairly soon as well.
> Dave
>
Nice work. Here are some comments on the text:
About AES/Rijndael:
"It supports key sizes of 128, 192, and 256 bits which executes 9, 11, and
13 rounds respectively."
This is slightly wrong. The rijndael specification specifies 10, 12 and 14
rounds, 9, 11, and 13 ordinary round, and then one special last round.
This special last rounds are counted in the specification of the cipher,
so I think that it should be corrected.
MARS/RC6:
The IBM has patented MARS, but gives it for a royalies free license,
even if it didn't won the AES competition, unlike RC6, where RSA security
that only would give up their patent rights if they won. (Which was a
reqirement for the candidates anyway). So you should also mention it for
RC6
http://www.tivoli.com/news/press/pressreleases/en/2000/mars.html
Serpent
"Serpent was submitted as an AES candidate cipher coming in second place."
This is not quite true, given that NIST only specified a winner, and
didn't rank the other 5 finalists. But the participants of the
3rd AES conference ranked it as no 2, and it's belived that
it would won, if rijndael had been found unsuited for some reason.
But NIST did not state this.
DES:
"This cipher was the first ever block cipher designed by Horst Fiestel
which became DES(aka Lucifer)."
Lucifer is the predecessor(s) of DES, rather than the same thing. The
candidate IBM gave to the NBS (predecessor of NIST), was modified by NSA
by changing the key schedule, and the sboxes. There was a lot of
speculation of why they did so, but after diffencial cyptanalysis was
discovered by the sivil cryptographic community around 1990, it seemed
clear that the changes was to make the cipher resistent against
differential cryptanalysis, and to reflect the effective keylength in the
real keylength. I would rather write:
"This cipher was designed by IBM and NSA based on the Lucifer cipher
desigend by IBM"
"It should be noted that DES is a older, slower, and insecure
algorithm. We suggest you use one of the newer more secure ciphers
with a larger key size."
I would rather say something like:
"It should be noted that DES has a keylength of only 56 bits, which
is insufficient to provide real security today. We suggest you use one of
the newer more secure ciphers ith a larger key size."
3DES:
"This cipher is a modification of the DES algorithm which increases the
keysize to 112-bits."
It increases the keylength to 168 bits, but the best known
attack has a complexity of 112 bits. If you change "keysize"
"effective keysize" it will be more precise.
"3DES is 3x slower than DES and provides minimal increase in security."
3DES provides _much_ more security than DES. 3DES can't be broken
today not even by NSA, unless they have some SCI-FI device in their
basement. DES can be broken even by organizations with a limited
budget, or groups of individuals on the net. In fact 3DES is rated
as the most trustworthy cipher by many cryptographers, because
it can rely on the security of DES, where most efficent attack
is a brute force attack. The best known attack on 3DES is a meat in
the middle attack with a work factor of 2^112 and a memory usage of
2^64. This is a comfortable margin to the minimum keylength even for
longtime high security (which is 90 bits AFAIK). It better to just say
it's slow.
--
Gisle S=E6lensminde ( gi...@ii... )
With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead. (from RFC 1925)
|
