[Cryptography Team] Rijndael class>>#keySize
Chris Muller
chris at funkyobjects.org
Fri Mar 24 18:34:19 UTC 2006
Hellooooooooooo... (It's been pretty quiet here).
I would like to propose an increment to Rijndael's keySize as recommended in Practical Cryptography. From Chapter 4, section 5.8 (p. 65):
"A 128-bit key would be great except for one problem: collision attacks. Time and time again we find systems that can be attacked by a birthday attack or a meet-in-the-middle attack. We know these attacks exist."
...
"Design rule 3. For a security level of n bits, every cryptographic value should be at least 2n bits long."
...
"For 128-bit security we really want to use a block cipher witha block size of 256 bits, but all the common block ciphers have a block size of 128 bits."
...
"Still, at least we can use the large keys that all AES candidate block ciphers support. Therefore: use 256-bit keys!"
(I hope I don't get in trouble for quoting this much text).
Furthermore, later on in chapter 22 about securing long-term secrets with passphrases, it recommends to "salt and stretch" the passphrase to a 256-bit value and use that to encrypt your secrets (i.e., keyring). The only way Rijndael can do is with a keySize of 256 bits.
If anyone objects, please let me know, otherwise I will post this change in the near future.
Thanks,
Chris
More information about the Cryptography
mailing list