ietf-openpgp

Re: I-D ACTION:draft-ietf-openpgp-camellia-00.txt

2007-11-28 04:36:47

Werner Koch wrote:
> On Tue, 27 Nov 2007 17:33, iang(_at_)systemics(_dot_)com said:
>
>> To me, this doesn't argue for 128 bit keys.  You can achieve the same
>> effect by taking 128 bits of randomness and adding 128 0's on the end.
>
> I just wonder whether Camellia has been analyzed for such an "abuse" of the
> key length.  It is common practice to use a random session key or use a
> KDF to have a uniform distribution of the key bits.


Yes, use a key expansion function. I didn't mean to literally tempt the gods.

What I am trying to do here is suggest ways to reduce the work for implementors and maintainers, and also reduce possibilities for confusion by users.

There is a view that OpenPGP is a fine way to experiment with lots of different algorithms and lengths and modes and colours. I once had that view as a developer, and once even published a Java kit with lots of algorithms in it... because it was so much fun to do all these algorithms!

But it is a conceit. The maintainer in me rejected that approach within a month, and the architect in me now says that there is only one true cipher suite:

http://iang.org/ssl/h1_the_one_true_cipher_suite.html

iang