Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

Wed, 13 Mar 2013 08:46:43 -0700 

Thanks.

On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea
<erwann.aba...@keynectis.com> wrote:
> The algorithm "Rijndael" has some knobs you can turn to tune.
> The standard "AES" has these parameters fixed in stone.
>
> AES-192 is effectively "less secure" than AES-256 because of the key length
> and number of rounds.
> But "less secure" may be "secure enough". In fact, AES-128 is secure enough
> for most uses.
> Number of rounds is important for AES security as it is for any other
> algorithm (think about attacks on reduced-rounds AES/SHA/whatever).
>
> --
> Erwann ABALEA
>
> Le 13/03/2013 15:31, Ewen Chan a écrit :
>
>> So the algorithms include the number of rounds? I thought that it
>> would only describe the math process and that it would be independent
>> of the number of rounds (so long as you meed Rijndael's "minimum" -
>> which is what the current number of rounds is set/default as).
>>
>> I did not know that. Hmmm....thanks.
>>
>> Does this mean that a AES-192-CBC is less secure than an AES-256-CBC
>> because of the key length and the number of rounds associated with
>> that; or am I understanding that wrong - that the number of rounds has
>> less-so to do with the security of the algorithm compared to the key
>> length?
>>
>> On Wed, Mar 13, 2013 at 10:24 AM, Erwann Abalea
>> <erwann.aba...@keynectis.com> wrote:
>>>
>>> If you change the number of rounds, then it's not AES anymore, but a
>>> custom
>>> Rijndael.
>>> Reading the source code, it appears there's no support for that in
>>> OpenSSL
>>> (and poking inside an AES_KEY to change the number of rounds probably
>>> won't
>>> work).
>>>
>>> --
>>> Erwann ABALEA
>>>
>>> Le 13/03/2013 14:32, Ewen Chan a écrit :
>>>
>>>> There's a file that I want to encrypt using AES-192-CBC but with 19
>>>> rounds rather than the default 12-rounds.
>>>>
>>>> Is there a way for me to specify the number of rounds that I would
>>>> like to use with the AES-192-CBC? (and override the algorithm
>>>> defaults)?
>>>>
>>>> Is that something that I can within the openssl command itself (to
>>>> encrypt a file) or is the process much more involved than that? And
>>>> requires programming/scripting?
>>>
>>>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to