[Top] [All Lists]

Re: Twofish

1999-01-19 19:29:17
G'day all.

Jon Callas wrote:

I discussed our previous conversation, and he said that his doubt is merely
that he is not convinced that the 256-bit keys are fully exponentially
stronger than 128. I think this is reasonable, and have the same doubts
myself about all the present generation 256 bit cyphers.

Quite.  We have a precedent in our requirement of 3DES which is
vulnerable to a meet-in-the-middle attack, so we don't expect it to
be fully exponentially stronger than a modern 128 bit cipher.

Andrew Bromage

<Prev in Thread] Current Thread [Next in Thread>