| On Wed, Nov 08, 2006 at 05:58:41PM -0500, Leichter, Jerry wrote:
| > Sorry, that doesn't make any sense. If your HWRNG leaks 64 bits,
| > you might as well assume it leaks 256. When it comes to leaks of
| > this sort, the only interesting numbers are "0" and "all".
|
| Nonsense. I can cite num
| > | > Just wondering about this little piece. How did we get to 256-bit
| > | > AES as a requirement? Just what threat out there justifies it? ...
|
| I can see it as useful if some bits of the key got leaked somehow.
| For example, if you're using a HWRNG to generate keys, and it's
| bits are
Just wondering about this little piece. How did we get to 256-bit
AES as a requirement? Just what threat out there justifies it?
There's no conceivable brute-force attack against 128-bit AES as far
out as we can see, so we're presumably begin paranoid about an
analytic
attack. But is there e