On 6/19/2011 3:28 PM, Jack Lloyd wrote:
> the last, if you don't know enough to just pick the strongest cipher and
> be done with it without compounding?
>
> In this case, the assumption is that XSalsa20 is stronger than
> AES. AES is just the window dressing for those who insist that it be
> used (eg NIST and co).
>
> -Jack

We don't use AES because NIST says to. We use it because it externalizes
the security claims. I might claim that XSalsa20 is strong, but lots of
other people claim that AES is strong and lots of people who don't know
how to tell the difference know that lots of people who do know how to
tell the difference think AES is strong.

If I put XSalsa20 in a product or standard, where people might expect to
see AES, and said to the world "Trust me, I know it's ok", I would be
crucified. I need to make stuff that is both secure and meets people's
expectations, however ill founded. Put more simply, no one got fired for
choosing AES.

Multilayering crypto makes sense in the context that the probability of
at least one of the algorithms being unbroken is lower than the
probability of any individual one. However I expect that in any real
system using ostensibly 'good' crypto, the algorithm is not the weakest
part of the system. Rather than adding a second layer of crypto, I would
apply my efforts elsewhere.
_______________________________________________
cryptography mailing list
http://lists.randombit.net/mailman/listinfo/cryptography