[Ach] EDH/ECDH, AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

Aaron Zauner azet at azet.org
Tue Nov 3 23:08:37 CET 2015

* Gunnar Haslinger <gh.bettercrypto at hitco.at> [03/11/2015 23:00:16] wrote:
> Could be a good decision or not, depending on how things come.
> Maybe Camellia turns out to be broken earlier than AES. Then you have to
> touch the systems you are not responsible for. So it's a 50:50 chance if
> AES or Camellia gets broken earlier. If I have two ciphersuites enabled
> the chance of having to change the configuration is doubled.

Haven't seen a lot of public cryptanalysis on CAMELLIA recently,
nobody really cares about CAMELLIA, it's in the TLS spec. but
besides that it's almost forgotten.

> Turn back time 2 years.
> You probably would have enabled AES and RC4.

No. RC4 was known to have _real_ weaknesses two years ago, not just
academic cryptographer circle-jerk stuff.


I think we're pretty well off with AES as it's been the prime target
for block-cipher cryptanalysis for years. By now people in the
crypto community are pretty certain that it won't break soon and
it's also 'resistant' to quantum computers (Grover's algorithm would
still reduce the security by about half - but we're nowhere near
implementing that in even a simulated quantum computer).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20151103/7b5b6a97/attachment.sig>

More information about the Ach mailing list