From: David B. <db...@du...> - 2002-03-21 20:46:22
cool, Kyle also suggested a few things like: we recommend nothing. which i
thought was a good policy to take.

At any rate, i'll change a few things, and post it again for comments.
And i guess my own bias about DES (i don't like it one bit ;-) shouldn't
really be put in the briefs anyway.

hvr, can you give us a clue as to what/when this patch you want us to wait
for is coming/is about ?

Dave

On Thu, 21 Mar 2002, Gisle Sælensminde wrote:

> On Wed, 20 Mar 2002, David Bryson wrote:
>
> > I spent the last day or so collecting information on all of the ciphers so
> > that we could put some documentation in the "help" section of the configs.
> > Attached is my preliminary draft.  Please look over it, find spelling
> > errors, comment on it, change things.  I'll try to get the digests done
> > fairly soon as well.
> > Dave
> >
>
> Nice work. Here are some comments on the text:
>
> About AES/Rijndael:
>
> "It supports key sizes of 128, 192, and 256 bits which executes 9, 11, and
> 13 rounds respectively."
>
> This is slightly wrong. The Rijndael specification specifies 10, 12 and 14
> rounds: 9, 11, and 13 ordinary rounds, and then one special last round.
> This special last round is counted in the specification of the cipher,
> so I think that it should be corrected.
>
> MARS/RC6:
>
> IBM has patented MARS, but gives it under a royalty-free license,
> even if it didn't win the AES competition, unlike RC6, where RSA Security
> would only give up their patent rights if they won (which was a
> requirement for the candidates anyway). So you should also mention it for
> RC6.
>
> http://www.tivoli.com/news/press/pressreleases/en/2000/mars.html
>
> Serpent
>
> "Serpent was submitted as an AES candidate cipher coming in second place."
>
> This is not quite true, given that NIST only specified a winner, and
> didn't rank the other 5 finalists. But the participants of the
> 3rd AES conference ranked it as no. 2, and it's believed that
> it would have won if Rijndael had been found unsuited for some reason.
> But NIST did not state this.
>
> DES:
>
> "This cipher was the first ever block cipher designed by Horst Feistel
> which became DES (aka Lucifer)."
>
> Lucifer is the predecessor(s) of DES, rather than the same thing. The
> candidate IBM gave to the NBS (predecessor of NIST) was modified by NSA
> by changing the key schedule and the S-boxes. There was a lot of
> speculation about why they did so, but after differential cryptanalysis was
> discovered by the civil cryptographic community around 1990, it seemed
> clear that the changes were to make the cipher resistant against
> differential cryptanalysis, and to reflect the effective keylength in the
> real keylength. I would rather write:
>
> "This cipher was designed by IBM and NSA based on the Lucifer cipher
> designed by IBM"
>
> "It should be noted that DES is an older, slower, and insecure
> algorithm. We suggest you use one of the newer more secure ciphers
> with a larger key size."
>
> I would rather say something like:
>
> "It should be noted that DES has a keylength of only 56 bits, which
> is insufficient to provide real security today. We suggest you use one of
> the newer more secure ciphers with a larger key size."
>
> 3DES:
>
> "This cipher is a modification of the DES algorithm which increases the
> keysize to 112-bits."
>
> It increases the keylength to 168 bits, but the best known
> attack has a complexity of 112 bits. If you change "keysize" to
> "effective keysize" it will be more precise.
>
> "3DES is 3x slower than DES and provides minimal increase in security."
>
> 3DES provides _much_ more security than DES. 3DES can't be broken
> today, not even by NSA, unless they have some SCI-FI device in their
> basement. DES can be broken even by organizations with a limited
> budget, or groups of individuals on the net. In fact 3DES is rated
> as the most trustworthy cipher by many cryptographers, because
> it can rely on the security of DES, where the most efficient attack
> is a brute force attack. The best known attack on 3DES is a meet in
> the middle attack with a work factor of 2^112 and a memory usage of
> 2^64. This is a comfortable margin to the minimum keylength even for
> longtime high security (which is 90 bits AFAIK). It's better to just say
> it's slow.
>
>
>
> --
> Gisle Sælensminde ( gi...@ii... )
>
> With sufficient thrust, pigs fly just fine. However, this is not
> necessarily a good idea. It is hard to be sure where they are going
> to land, and it could be dangerous sitting under them as they fly
> overhead. (from RFC 1925)
>
>
> _______________________________________________
> CryptoAPI-devel mailing list
> Cry...@li...
> https://lists.sourceforge.net/lists/listinfo/cryptoapi-devel
>
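The gap between key length and attack complexity discussed in the 3DES comments above can be measured on a small scale; the following is an added example, not part of the original thread or of the CryptoAPI code. It assumes a toy 16-bit Feistel cipher with 8-bit keys constructed for this purpose (all names are hypothetical), used in the same encrypt-decrypt-encrypt arrangement as 3DES, so the three keys total 24 bits while the search costs about 2^16 cipher calls plus a 2^8-entry table, the same 3k versus 2k relationship as 168 versus 112.

```python
from collections import defaultdict

KEY_BITS = 8   # per-key size of the toy cipher (assumption; DES uses 56)
ROUNDS = 4

def _round_key(key, i):
    return (key * (2 * i + 3) + 0x5B * i) & 0xFF

def _f(half, rk):
    x = half ^ rk
    return ((x * x + 0xA7 * x + rk) ^ (x >> 3)) & 0xFF

def encrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for i in range(ROUNDS):
        left, right = right, left ^ _f(right, _round_key(key, i))
    return (left << 8) | right

def decrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for i in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, _round_key(key, i)), left
    return (left << 8) | right

def triple_encrypt(k1, k2, k3, block):
    # EDE construction, as in 3DES: encrypt, decrypt, encrypt.
    return encrypt(k3, decrypt(k2, encrypt(k1, block)))

def meet_in_the_middle(pairs):
    """Return (matching key triples, cipher calls spent searching).

    Checks of candidates against the extra pairs are not counted."""
    (p0, c0), rest = pairs[0], pairs[1:]
    keys = range(1 << KEY_BITS)
    table = defaultdict(list)              # E_k1(p0) -> every k1 producing it
    for k1 in keys:
        table[encrypt(k1, p0)].append(k1)
    ops, found = len(keys), []
    for k3 in keys:
        inner = decrypt(k3, c0)            # peel off the outer encryption
        ops += 1
        for k2 in keys:
            ops += 1
            for k1 in table.get(encrypt(k2, inner), ()):  # undo D_k2, look up
                if all(triple_encrypt(k1, k2, k3, p) == c for p, c in rest):
                    found.append((k1, k2, k3))
    return found, ops

def demo():
    secret = (0x3C, 0xA5, 0x5E)            # constructed key triple
    pairs = [(p, triple_encrypt(*secret, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    found, ops = meet_in_the_middle(pairs)
    return secret, found, ops, 1 << (3 * KEY_BITS)
```

`demo()` returns the secret triple, the recovered candidates, the search cost and the size of the full 24-bit key space for comparison.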