2010/07/18 12:22, Ted Unangst wrote:
> In general, "other people do it" is a weak justification. I don't see
> any reason to believe camellia would actually be better than aes. Nessie
> picked aes too, you know.

"Other people use it" shows that the algorithm is well-tested.
I know AES is also an approved cipher of NESSIE. However, I see some
reasons to believe Camellia is better than AES.
- Full spec. Camellia 128 bits, 192 bits, and 256 bits are not broken yet,
while AES-192 is logically broken. [1]
- More compact hardware implementation. [2]
- Runs faster with a small amount of memory. [2]
[1] http://eprint.iacr.org/2010/248.pdf
[2] http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/c02e_report2.pdf

> Not to mention there are software patent claims against camellia. That's
> a no go right there.

OpenBSD has already included Camellia source code as a part of OpenSSL.
It is disabled by default, though.
At the time OpenSSL included Camellia, NTT had shown the following news release:
http://www.ntt.co.jp/news/news01e/0104/010417.html
NTT also announced that their Camellia implementation becomes open
source, distributed under BSDL, GPL, and so on:
http://www.ntt.co.jp/news/news06e/0604/060413a.html
Are there any problems?