Re: attack against AES-256 with complexity 2^119

2009-07-09 Thread Ian G
On 8/7/09 19:52, Eddy Nigg wrote: On 07/08/2009 08:35 PM, Paul Hoffman: At 8:08 PM +0300 7/8/09, Eddy Nigg wrote: Funny that today it's better to use AES-128. Why do you say that? It's the opposite of what the people who wrote the paper say. I've not read it today, but IIRC AES-128 remained

Re: attack against AES-256 with complexity 2^119

2009-07-09 Thread Peter Djalaliev
AFAIK, 2^119 is the worst-time complexity of the attack. Breaking a 256-bit key through a brute-force attack takes 2^256 operations in the worst case. The 'X/2' you are talking about is the average case, right? We are not looking for collisions here, so the birthday paradox doesn't apply...

Re: attack against AES-256 with complexity 2^119

2009-07-09 Thread Ian G
On 9/7/09 17:33, Peter Djalaliev wrote: AFAIK, 2^119 is the worst-time complexity of the attack. Breaking a 256-bit key through a brute-force attack takes 2^256 operations in the worst case. The 'X/2' you are talking about is the average case, right? We are not looking for collisions here, so

Re: attack against AES-256 with complexity 2^119

2009-07-09 Thread Peter Djalaliev
The weakness was discovered when we looked at AES as a hash function, and tried to find weaknesses that are specific for hash functions. We think that most cryptographers used only blockcipher-oriented techniques, against which AES was well protected by the designers. All this quote says, I

Re: attack against AES-256 with complexity 2^119

2009-07-09 Thread Paul Hoffman
At 3:16 PM +0200 7/9/09, Ian G wrote: Although I haven't read it at all, normally what happens is that the strength of an algorithm of X bits is X/2. Say what!?! AES is an encryption function, not a hash function. AES-256 has a strength of 256 bits.

attack against AES-256 with complexity 2^119

2009-07-08 Thread Peter Djalaliev
There has been an attack on the full AES-256 algorithm with space and time complexity of 2^119. Reportedly, the attack works on all keys. https://cryptolux.uni.lu/mediawiki/uploads/1/1a/Aes-192-256.pdf Bruce Schneier mentions this in his blog:

Re: attack against AES-256 with complexity 2^119

2009-07-08 Thread Eddy Nigg
On 07/08/2009 08:03 PM, Peter Djalaliev: There has been an attack on the full AES-256 algorithm with space and time complexity of 2^119. Reportedly, the attack works on all keys. Funny that today it's better to use AES-128. -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber:

Re: attack against AES-256 with complexity 2^119

2009-07-08 Thread Paul Hoffman
At 8:08 PM +0300 7/8/09, Eddy Nigg wrote: On 07/08/2009 08:03 PM, Peter Djalaliev: There has been an attack on the full AES-256 algorithm with space and time complexity of 2^119. Reportedly, the attack works on all keys. The title of the paper (and the body, of course) says otherwise. Funny

Re: attack against AES-256 with complexity 2^119

2009-07-08 Thread Peter Djalaliev
This is a related-key attack of only theoretical interest at the moment. It is believed that related-key attacks are very hard to stage in applications like SSL/TLS. Some of the NIST SHA-3 candidates, however, seem to use the input data (directly or indirectly) to get a key for AES. Hash

Re: attack against AES-256 with complexity 2^119

2009-07-08 Thread Eddy Nigg
On 07/08/2009 08:35 PM, Paul Hoffman: At 8:08 PM +0300 7/8/09, Eddy Nigg wrote: Funny that today it's better to use AES-128. Why do you say that? It's the opposite of what the people who wrote the paper say. I've not read it today, but IIRC AES-128 remained 2^128 because the