Subject: | Re: IDEA |
From: | "Eric M. Hopper" <hopper,AT,omnifarious,DOT,org> |
Date: | Thu, 3 Apr 2003 21:34:48 +0200 |
In-reply-to: | <200304011125.11214.dwilson@ibl.bm> |
On Thu, 2003-04-03 at 12:27, Ken Seefried wrote: > Eric M. Hopper writes: > > > > I, personally, could care less about idea. I would greatly appreciate > > Rijndael support. Though, I've heard rumors of a Rijndael attack that > > halves the effective key length, so I'd prefer you implement the 256 bit > > variant of Rijndael. :-) > > > > While during the AES competetion there was some interesting work done to > reduced-round variants of Rijndael (for example, > http://www.counterpane.com/rijndael.html), I believe that most of the > "rumoured" attacks against Rijndeal derrive from a paper by Courtois & > Pieprzyk (on the somewhat overwrought > http://www.minrank.org/~courtois/myresearch.html). > > This paper seems to have been fairly well debunked within the crypto > community (see for example http://www.usdsi.com/aes.html, > >https://www.cosic.esat.kuleuven.ac.be/nessie/reports/phase2/Xslbes8_Ness.pdf > , and postings to sci.crypt). At best (worst?), it appears that XLS is a > truely novel and interesting technique for which there is no basis to claim > > that it will result in a practical attack against real cyphers. I did a little research myself, and that's the only attack I could find on the net. So, the rumors I heard were greatly exaggerated. :-) So AES with the 128 bit variant is probably enough. I would like the 256 bit variant available though. In research I did about 9 months ago, the fastest implementations were proprietary. There were some pretty decent free implementations though. Have fun (if at all possible), -- The best we can hope for concerning the people at large is that they be properly armed. -- Alexander Hamilton -- Eric Hopper (hopper,AT,omnifarious,DOT,org http://www.omnifarious.org/~hopper) --
Attachment:
pgp00001.pgp
Description: "This is a digitally signed message part"