On 2/25/11 10:27 PM, Aaron Toponce wrote:
> On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
>> Bruce himself recommends AES over TWOFISH.
>
> [citation needed]

_Practical Cryptography_. Read it. Other people on this list can provide a page ref: I'm at a funeral in the middle of nowhere and don't have my books handy.

> I know that he's recommended AES-128 over AES-256, but I've not read
> where he's recommended AES over TWOFISH.

Many times. It's not hard to find these recommendations: Google is your friend.

> Again, [citation needed]. 3DES has an effective security of only 80 bits
> due to the meet-in-the-middle attack and known- or chosen-plaintext
> attacks

I don't have the exact quote from sci.crypt handy (as mentioned, I'm in the middle of nowhere). I'll look for it once I'm back on the East Coast. I'm sure there are many people here who could provide it for you, though.

Regardless, you really need to pay attention to the fine print. First, the numbers you cite are for *two*-key 3DES, and OpenPGP specifies *three*-key 3DES be used. 3DES's meet-in-the-middle is at 112 bits of security -- plenty enough for almost any purpose.

Second, that meet-in-the-middle on 3DES requires 2**32 known plaintexts, 2**113 operations, 2**90 encryptions and 2**88 memory. This is so unrealistic it deserves to be called fantasy. Miss any of those and you're up to a work factor of 2**168.

So, yeah. 3DES's effective security is 168 bits, unless you're up against the space aliens from Zarbnulax, in which case you're SOL no matter what algorithm you use.

> and NIST is only willing to back the algo through 2030.

3DES's history is instructive. NIST has declared it "dead in 20 years" more often than Netcraft has declared BSD to be dying.[*] At this point, I'm unaware of anyone who seriously believes 3DES will be gone in 20 years. Most people seem to be of the belief that in about fifteen years NIST will say, "and 3DES is believed strong through 2050."

[*] A humorous reference to a Slashdot meme. BSD partisans, relax, I'm not seriously suggesting this...

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
