[Ach] My review of the PDF ;)
koschuch at gmx.net
Tue Nov 12 15:24:33 CET 2013
On Tue, Nov 12, 2013 at 2:15 PM, David Durvaux
<david.durvaux at autopsit.org> wrote:
> I would like to discuss briefly the AES key length. I found this
> reference on Bruce Schneier's blog:
> It's from 2009 (so, what's the latest status on this?) but basically states
> that some attacks were only affecting AES258 and broke up to 11 of the 14
> rounds. AES256 is still safe but MAYBE the key size in that
> particular example COULD BE counter-effective. As we say in French, "avec des
> si on met Paris en bouteille" ("With IF, you put Paris in a bottle"), there
> are a lot of conditions and open questions but maybe something we need to
> keep in mind.
The main idea behind this is that when doing crypto, basically everything
that's faster than brute-force is considered a more or less "successful"
attack, so the longer the key the more leeway there is of still being
"better than brute-force", while still being computationally infeasible.
Due to the Key-Schedule in AES (which was optimised for the 128-Bit
version), the 256-bit variant is in fact easier to break than the 128-bit
version using related-key attacks (but still practically infeasible with a
complexity of around 2^100).
But it doesn't look like any variant of AES is currently even close to
being broken.
> As an extra reference, the Handbook of Applied Cryptography (
> http://cacr.uwaterloo.ca/hac/) which is freely available was (still the
> case) considered as an excellent reference during my studies (finished 6
> years ago :'().
Basically it still is for the underlying mathematics, some of the
recommendations regarding key-sizes or algorithms are of course a little
outdated by now...
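An added illustration, not part of the original message: the FIPS-197 key expansion for AES-128 and AES-256, with a count of how many bytes of each round key change when a single key bit is flipped. It shows only how a key difference propagates through the two key schedules (the property that related-key analysis studies), not an attack; the all-zero sample keys and the helper names are constructed for this example.

```python
# Added illustration, not from the thread: FIPS-197 key expansion and key-difference spread.

def _gmul(a, b):  # multiply in GF(2^8) modulo the AES polynomial 0x11B
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _build_sbox():
    """AES S-box: field inverse followed by the affine transformation."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for k in range(1, 5):
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s)
    return sbox

SBOX = _build_sbox()

def expand_key(key):
    """Round keys (16 bytes each) for a 16-byte or 32-byte AES key."""
    nk = len(key) // 4
    rounds = {4: 10, 8: 14}[nk]
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (rounds + 1)):
        t = w[i - 1]
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon
            rcon = _gmul(rcon, 2)
        elif nk == 8 and i % nk == 4:
            t = [SBOX[b] for b in t]  # extra SubWord step, AES-256 only
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(rounds + 1)]

def diff_profile(key):
    """Differing bytes per round key when only bit 0 of key byte 0 is flipped."""
    other = bytes([key[0] ^ 1]) + key[1:]
    pairs = zip(expand_key(key), expand_key(other))
    return [sum(x != y for x, y in zip(a, b)) for a, b in pairs]

if __name__ == "__main__":
    for size in (16, 32):  # constructed all-zero sample keys
        print(f"AES-{size * 8}:", diff_profile(bytes(size)))
```

For AES-256 the second round key is untouched and the next two change in only four bytes each, while AES-128 already has six differing bytes in its third round key.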