[Ach] My review of the PDF ;)

Manuel Koschuch koschuch at gmx.net
Tue Nov 12 15:24:33 CET 2013


On Tue, Nov 12, 2013 at 2:15 PM, David Durvaux
<david.durvaux at autopsit.org> wrote:

> [...]
>
>
> I would like to briefly discuss the AES key length.  I found this
> reference on Bruce Schneier's blog:
> https://www.schneier.com/blog/archives/2009/07/another_new_aes.html.
> It's from 2009 (so, what's the latest status on this?) but it basically states
> that some attacks were only affecting AES256 and broke up to 11 of the 14
> rounds.  AES256 is still safe but MAYBE the key size in that
> particular example COULD BE counter-effective.  As we say in French, "avec des
> si on met Paris en bouteille" ("With IF, you put Paris in a bottle"); there
> are a lot of conditions and open questions, but maybe it is something we need to
> keep in mind.
>
>

The main idea behind this is that when doing crypto, basically everything
that's faster than brute-force is considered a more or less "successful"
attack, so the longer the key the more leeway there is of still being
"better than brute-force", while still being computationally infeasible.

Due to the Key-Schedule in AES (which was optimised for the 128-Bit
version), the 256-bit variant is in fact easier to break than the 128-bit
version using related-key attacks (but still practically infeasible with a
complexity of around 2^100).
But it doesn't look like any variant of AES is currently even close to
being broken. [1]



>
>
> As an extra reference, the Handbook of Applied Cryptography (
> http://cacr.uwaterloo.ca/hac/) which is freely available was (still the
> case) considered as an excellent reference during my studies (finished 6
> years ago :'().
>
>
>

Basically it still is for the underlying mathematics, some of the
recommendations regarding key-sizes or algorithms are of course a little
outdated by now...


Best regards
Manuel


[1] http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf

