On Friday 31 July 2009 20:38:24 Evan Daniel wrote:
> On Fri, Jul 31, 2009 at 2:07 PM, Matthew
> Toseland<[email protected]> wrote:
> > http://www.schneier.com/blog/archives/2009/07/another_new_aes.html
> >
> > Practical related-key/related-subkey attacks on AES with a 256-bit key with 
> > 9, 10 and 11 rounds. The official standard uses 14 rounds, so there is 
> > precious little safety margin - attacks always get better.
> >
> > We use AES/256 (technically we use Rijndael with 256 bit key and 256 bit 
> > block size mostly, which isn't strictly AES, although we use 128 bit block 
> > size, which is, for store encryption).
> >
> > Such attacks rely on related-key weaknesses in the protocol (as in WEP, 
> > where the IV was too small). In theory we shouldn't have any, although I am 
> > not entirely sure how to determine this. We shouldn't have known 
> > ciphertext, because we have an unforgeable authenticator on all packets, 
> > but I'm not sure exactly what the definition of a related-key weakness is.
> >
> > Nonetheless, it would seem prudent to increase the number of rounds as 
> > Schneier outlines (28 rounds for a 256-bit key). We have the infrastructure 
> > to do this without too much trouble, with key subtypes and negotiation 
> > types. Moving to AES/128 would be considerably more work.
> 
> I think it would be worth trying to get someone who is a qualified
> cryptographer to look in detail at how Freenet uses cryptography.
> Freenet does a *lot* of crypto, mixed together in ways that aren't
> necessarily common.  It's also a very interesting project from a
> cryptographic standpoint; it seems possible that someone could be
> talked into doing it on a volunteer basis.  Even if it wasn't
> volunteer, it might be worth seeing how much a proper review would
> cost.  Cryptographic review seems appropriate for a program which
> relies so strongly on the strength of its cryptography.

We used to have Scott, but his email address doesn't work... Maybe I should ask 
Ian to locate him?
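The quoted message says the new AES-256 results are related-key attacks and that they "rely on related-key weaknesses in the protocol", but also that it is unclear what a related-key weakness is. The example below makes the distinction concrete: the attack model gives the adversary ciphertexts under a key K and under a key with a known relation to it (typically K xor delta), and a protocol is only exposed when its key management hands out such related keys. Deriving every session or sub-key from a master secret through a KDF (shown here as an HKDF-style extract-and-expand built from HMAC-SHA-256 in the Python standard library) yields keys with no usable relation. This is an added, self-contained illustration, not Freenet code and not the key schedule the project actually uses; the master secret, labels and the 32-byte key length are constructed for the example.

```python
"""Related-key model vs. KDF-derived keys (added example, not Freenet code).

Uses only the Python standard library. The HKDF-style construction follows
the extract-then-expand shape of RFC 5869 with HMAC-SHA-256; whether this
matches anything in Freenet is an assumption, not a claim about the project.
"""
import hashlib
import hmac

HASH = hashlib.sha256
KEY_LEN = 32  # constructed: 256-bit keys, matching the AES-256 discussion


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def related_by_xor(k1: bytes, k2: bytes, delta: bytes) -> bool:
    """True when k2 == k1 xor delta, i.e. the keys sit in the related-key model."""
    return xor_bytes(k1, k2) == delta


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """Extract step: condense input keying material into a pseudorandom key."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """Expand step: stretch the PRK into `length` bytes bound to `info`."""
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(master_secret: bytes, labels, salt: bytes = b"") -> dict:
    """Derive one independent KEY_LEN-byte key per label from a master secret.

    Keys for different labels are outputs of a PRF on distinct inputs, so an
    attacker who knows the labels still knows no XOR (or other simple)
    relation between them; that is what removes the related-key setting.
    """
    prk = hkdf_extract(salt, master_secret)
    return {label: hkdf_expand(prk, label, KEY_LEN) for label in labels}


def naive_related_keys(base_key: bytes, delta: bytes):
    """The pattern that DOES create related keys: a per-use key built by XORing
    a public, attacker-known value into a fixed base key. Shown for contrast."""
    return base_key, xor_bytes(base_key, delta)


if __name__ == "__main__":
    # Constructed sample values for the demonstration.
    master = b"constructed master secret for demo purposes only"
    keys = derive_keys(master, [b"packet-auth", b"packet-enc", b"store-enc"])
    for label, key in keys.items():
        print(label.decode(), key.hex())
    base = bytes(range(KEY_LEN))
    delta = b"\x01" + b"\x00" * (KEY_LEN - 1)
    k1, k2 = naive_related_keys(base, delta)
    print("naive keys related by known delta:", related_by_xor(k1, k2, delta))
    print("KDF keys related by that delta:",
          related_by_xor(keys[b"packet-auth"], keys[b"packet-enc"], delta))
```

The point of the contrast is that the cipher-level attack only becomes a protocol-level risk through the key-management path; a review of the kind suggested in the reply would trace every place a key is formed from another key or from a public value and check that each such step goes through a PRF-style derivation rather than an arithmetic relation.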


_______________________________________________
Devl mailing list
[email protected]
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
