Vlad "SATtva" Miller wrote:
How about doing a triple-GOST? That would
meet the letter of the rules, and give a boost
to the security? Just brainstorming here...
Well, this may be helpful if GOST is really subject to "sliding" attacks, and
would put excercises in "meet in the middle", et cetera to pure theoretic
field (because of memory requirements). But this is hardly a good decision
anyway. Maybe GOST multiple encriptions -- on the assumpsion of architectual
similarity to DES -- isn't forming a group, but look at the keylength.
Standard variant has 256 bits + secret S-boxes give us something about 610
bits of secret data. In 3GOST (or whatever) it would be more than 1800 bits --
for symmetric cipher! Moreover, there are speed considerations...
Let's see now. 1800 bits of secret key data.
That's less than a millisecond of random data
from my /dev/urandom. So that's not an issue.
Secret key data, certainly in the OpenPGP
world is *primarily* used as a secret key
exchange encrypted by public key. So, if
one looks at the public key algoriths, they
mostly have the characteristic that when
they are encrypting, they do so over a block
that is the same size as the key. E.g., a
1024 bit key can encrypt a 1024 bit block.
(Or something - can someone post the real
cryptographer's viewpoint on this?)
So we may be limited to using 2048 bit public
keys and above when using GOST. Oh well,
that's not a biggie! Some would say that
should be mandated anyway.
Then there is the notion of straight secret
key encryption; that's solved by a key expansion
algorithm. The strength of the key then becomes
the determining issue, so doesn't matter how
long it is.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/