Quantum computers, if they will ever be built, will halve the effective
keylength by bruteforcing in the sqrt() of the time required by a classical
machine.
Enzo
----- Original Message -----
From: David Honig <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, November 23, 1999 11:28 PM
Subject: AES design questions
>
> 1. Why does AES require 128 bit blocks? Any other reason
> than to make ECB codebook attacks tougher?
>
> 2. Why does AES require >128 bit keylength support? 2^128
> is not practically breakable. What am I missing? Is this
> simple "overengineering" aka "safety margins" (plus "bits are cheap, but
> not so cheap that using minimal-128 isn't worth it
> sometimes")?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
