[e-lang] Fwd: Chat with kpreid at waterpoint.org
Bill Frantz
frantz at pwpconsult.com
Sun Sep 20 23:46:12 EDT 2009
daw at cs.berkeley.edu (David Wagner) on Sunday, September 20, 2009 wrote:
>Bill Frantz wrote:
>> AES - Recent work has shown that AES256 is only a bit stronger than AES128,
>
>This is not an accurate summary of recent work, in my opinion.
>
>For most purposes AES256 is just fine. There are no known weaknesses
>that are relevant to the way that AES256 is normally used in practice --
>including, as far as I know, the way it is used in TLS.
>
>That's not to say that the difference between AES128 vs AES256 is
>likely to matter much. It is very unlikely that AES128 will be the
>weakest link in your system. So either one is a perfectly respectable
>choice, from the point of view of security.
>
>For further details and explanation on how to interpret the recent
>work on AES256, see my comments elsewhere:
> https://financialcryptography.com/cgi-bin/mt/mt-comments.cgi?entry_id=1180
> http://www.schneier.com/blog/archives/2009/07/another_new_aes.html#c387018
I think David and I are in basic agreement about what this recent work means for our use of the SSL/TLS CipherSuites which include AES. To be specific, and to give David a chance to disagree:
Related key attacks should not be a problem given the use of
Diffie-Hellman key agreement and the way SSL/TLS generates keys.
SSL/TLS VatTP should use AES-128.
There isn't much practical benefit to using AES-192 or AES-256 over using
AES-128, and there are costs in additional computation.
Where we may disagree, and please remember that David is a much better
cryptographer than me, is the long-term meaning of these attacks. I tend to
see them as the start of a slowly crumbling edifice which may fall in the
long term. David doesn't seem to see it that way.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"We used to quip that "password" is the most common
408-356-8506 | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security?" -- Bruce Schneier
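Added example, not part of the original message or of any E/VatTP code: the point above about related-key attacks is that a related-key attack on AES needs encryptions under two keys whose difference the attacker knows or chooses, and a TLS session never hands out such a pair. In TLS 1.2 the Diffie-Hellman shared secret becomes the premaster secret, which goes through the TLS PRF to produce the master secret, which goes through the PRF again to produce the key block (RFC 5246, sections 5, 6.3 and 8.1). The script below implements that PRF and shows that flipping a single bit of the premaster secret changes roughly half the bits of the derived AES keys, so no attacker-controlled key relation survives derivation. The premaster secret and client/server randoms are constructed values for the demonstration, not captured handshake data.

```python
"""Added example: why TLS 1.2 key derivation leaves no exploitable key relation.

A related-key attack needs ciphertexts under K and K' with a known relation
(for example a chosen K xor K').  TLS never encrypts under the negotiated
secret directly: premaster -> PRF -> master secret -> PRF -> key block.
Here we derive keys from a premaster secret and from the same secret with one
bit flipped, then measure how many bits of the resulting AES keys differ.
All input values are constructed for the demo, not real handshake material.
"""
import hmac
import hashlib

HASH = hashlib.sha256


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, HASH).digest()
        out += hmac.new(secret, a + seed, HASH).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: 48-byte master secret from the (EC)DH premaster."""
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


def aes_keys(master: bytes, client_random: bytes, server_random: bytes,
             key_len: int = 16) -> tuple:
    """Carve (client_write_key, server_write_key) out of the key block
    (RFC 5246 section 6.3).  MAC keys and IVs are omitted for brevity; a real
    stack takes them from the same block.  key_len=16 is AES-128, 32 is AES-256."""
    block = tls12_prf(master, b"key expansion",
                      server_random + client_random, 2 * key_len)
    return block[:key_len], block[key_len:]


def bit_diff_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bit positions where a and b differ (Hamming distance / bits)."""
    assert len(a) == len(b)
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return differing / (8 * len(a))


def related_premaster_experiment(pre_master: bytes, client_random: bytes,
                                 server_random: bytes, bit_index: int,
                                 key_len: int = 16) -> float:
    """Derive AES keys from pre_master and from pre_master with one bit flipped.
    Returns the fraction of differing bits across both write keys.  An attacker
    who could force a one-bit relation on the premaster secret would want the
    derived keys to be related too; the PRF makes them look independent."""
    flipped = bytearray(pre_master)
    flipped[bit_index // 8] ^= 1 << (bit_index % 8)
    k1 = b"".join(aes_keys(master_secret(pre_master, client_random, server_random),
                           client_random, server_random, key_len))
    k2 = b"".join(aes_keys(master_secret(bytes(flipped), client_random, server_random),
                           client_random, server_random, key_len))
    return bit_diff_fraction(k1, k2)


# Constructed inputs for the demo (not values from a real handshake).
PRE_MASTER = bytes(range(48))          # 48-byte stand-in for a DH shared secret
CLIENT_RANDOM = bytes([0x11] * 32)
SERVER_RANDOM = bytes([0x22] * 32)

if __name__ == "__main__":
    for bit in (0, 100, 383):
        frac = related_premaster_experiment(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM, bit)
        print(f"flip premaster bit {bit:3d}: {frac:.1%} of AES-128 key bits differ")
```

Each run reports a figure near 50%, which is what independent random keys would give; a one-bit premaster difference does not turn into a one-bit key difference. This is the property that makes related-key results on AES irrelevant to a TLS session: the attacker never gets to choose a relation between the keys actually used.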