lcs Mixmaster Remailer wrote:
> ....
> Rijndael has attacks on 6 or 7 out of the 10 rounds for 128 bits keys;
> 7 out of 12 rounds for 192 bit keys; and 7, 8 or 9 out of 14 rounds for
> 256 bit keys (Rijndael uses more rounds for larger keys). The attacks
> against larger numbers of rounds require prohibitive levels of work.
> ...
> For those whose primary interest in AES is high security, the emphasis
> might have been placed elsewhere. Rather than choosing a cipher with
> merely an "adequate" level of security, they would prefer that the
> choice had been made from among those ciphers judged highest in security:
> MARS, Twofish and Serpent. Choosing from among these ciphers by similar
> criteria of efficiency would probably have led to Twofish.
> Rijndael appears to be a compromise between security and efficiency.
> This leaves us in an unhappy and uncomfortable position. It may well be
> that Twofish and perhaps Serpent continue to be widely used alternatives
> to AES.
I think that the author of this message contradicts himself when he writes "The attacks
[on Rijndael] against larger numbers of rounds require prohibitive levels of work."
and also "For those whose primary interest in AES is high security, the emphasis
might have been placed elsewhere." and Rijndael appears to be a compromise
between security and efficiency."
Unless the author believes that efficiency and security are defined by the number of
bits in a key. Requiring Rijndael to have the same level of security as any other
cipher
for 256 bit keys seems to me like comparing 256 apples with 256 oranges.
Cheers,
Ed Gerck
