Quoting "Leichter, Jerry" <[EMAIL PROTECTED]>:

| ...Compusec is great for home / personal use. It is cheap i.e. $0.00
| (Free), and does not slow down the computer as much as the other
| products. But that is because it only supports 128 bit AES, which is a
| major drawback as most enterprise settings require at least 256 bit
| AES....
Just wondering about this little piece.  How did we get to 256-bit
AES as a requirement?  Just what threat out there justifies it?
There's no conceivable brute-force attack against 128-bit AES as far
out as we can see, so we're presumably being paranoid about an analytic
attack.  But is there even the hint of an analytic attack against AES
that would (a) provide a practical way in to AES-128; (b) would not
provide a practical way into AES-256?  What little I've seen in the
way of proposed attacks on AES all go after the algebraic structure
(with no real success), and that structure is the same in both
AES-128 and AES-256.

It's a management requirement.  The manager sees "AES128" and "AES256"
and thinks "256 must be better than 128" and therefore the edict comes
down that AES256 must be used.  It's not a technical decision.  It's
not a decision made by analyzing the threats.  It's made purely
by assertion, but it's a decision that can't easily be refuted.

                                                        -- Jerry

-derek
--
      Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
      Member, MIT Student Information Processing Board  (SIPB)
      URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
      [EMAIL PROTECTED]                        PGP key available


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
