ietf-openpgp

Re: AES-256 vs AES-128 (Re: Suggested DER Prefixes)

2003-05-30 17:52:54


I really think AES-128 is safe against brute-force attack in the next
decade, but that is not enough.

First of all, I have to say that I am paranoid ;-)

In PGP, TLS and other so-called PKC applications, the symmetric cipher
algorithm will be used with a secret key exchange protocol.  There is a
possibility that the key space of the symmetric cipher shrinks if the
key exchange protocol has a flaw.

The symmetric cipher is good, and the PKC cipher is good also. But if the
protocol has a flaw, then the security margin would shrink.

What if 50% of the key space (128 -> 64, 256 -> 128) is corrupted?  A
64-bit key size does not survive.

I never ignore AES-256 because it becomes a sort of "insurance" when
the worst case of a protocol problem happens.

Regards,

-- 
Hironobu SUZUKI
E-Mail: hironobu(_at_)h2np(_dot_)net
URL: http://h2np.net

