2010/7/18 Yoshisato YANAGISAWA <[email protected]>: > "other people use it" shows that the algorithm is well-tested. > I know AES is also approved cipher of NESSIE. However, I see some reasons > to believe Camellia is better than AES. > - Full spec. Camellia 128bits, 192bits, and 256bits are not broken yet. > While, AES-192 is logically broken. [1]
All these related key attacks against AES are rather irrelevant in practice. OpenSSH does not use a contrived scheme to derive a new session key from the previous session keys. > - More compact hardware implementation. [2] > - Run faster under small amount of memory. [2] A lot of platforms have hardware acceleration for AES, but not for Camellia. A good recent example is Intel AES-NI. Best regards, Dries
