Aviram Jenik <avi...@jenik.com> writes:

> The question "is encryption ABC safe" is nowadays a purely academic
> question and only academics care about them (no offense Oleg).
None taken[*]. I re-read my post and I see now that I didn't emphasize that I meant "OpenSSH implementation of AES" when I wrote "AES". All my wondering is about SSH on Linux, not about maths, but I realize now that I did not make it clear, apart from the subject line. ;-) [I did say the question was strictly curiosity-driven.]

Having said that, safety is defined/interpreted in terms of cost and time required from an adversary. I have no idea how many Hubble times one would need to break either AES-128 or AES-256 given the aggregate resources of Top500 (or NSA) or custom HW, or how many orders of magnitude can be shaved off by clever use of additional information[*]. But I would not completely discount the rate at which the safety margin of a fixed (in terms of number of rounds, etc.) implementation is shrinking.

To emphasize again, I expect NSA, if they suddenly develop an interest in one of my machines, to break in exploiting an unpatched bug somewhere rather than breaking AES, of course.

[*] I hope no member of Linux-IL who has authored academic papers on attacks on AES that experts dubbed "almost practical" will be offended, either. ;-)

https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
http://www.wisdom.weizmann.ac.il/~tromer/papers/cache.pdf

-- 
Oleg Goldshmidt | p...@goldshmidt.org

_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il