Hellooooooooooo... (It's been pretty quiet here).
I would like to propose an increment to Rijndael's keySize as recommended in Practical Cryptography. From Chapter 4, section 5.8 (p. 65):
"A 128-bit key would be great except for one problem: collision attacks. Time and time again we find systems that can be attacked by a birthday attack or a meet-in-the-middle attack. We know these attacks exist." ... "Design rule 3. For a security level of n bits, every cryptographic value should be at least 2n bits long." ... "For 128-bit security we really want to use a block cipher witha block size of 256 bits, but all the common block ciphers have a block size of 128 bits." ... "Still, at least we can use the large keys that all AES candidate block ciphers support. Therefore: use 256-bit keys!"
(I hope I don't get in trouble for quoting this much text).
Furthermore, later on in chapter 22 about securing long-term secrets with passphrases, it recommends to "salt and stretch" the passphrase to a 256-bit value and use that to encrypt your secrets (i.e., keyring). The only way Rijndael can do is with a keySize of 256 bits.
If anyone objects, please let me know, otherwise I will post this change in the near future.
Thanks, Chris
Thanks Chris. That makes sense. Other opinions are welcome of course. As for the quiet, yeah it has been but there is still work going on behind the scenes, just nothing to show for it yet.
Will you or anyone else be available to look into and work with Paul's ASN.1 implementation once it is completed? Paul is on his 4th or maybe 5th iteration.
I talked to Hans-Martin and he's been way to busy to work on his projects. Maybe soon. If there is something we should be working on in the mean time please feel free to suggest it.
Ron Teitelbaum
-----Original Message----- From: cryptography-bounces@lists.squeakfoundation.org [mailto:cryptography-bounces@lists.squeakfoundation.org] On Behalf Of Chris Muller Sent: Friday, March 24, 2006 1:34 PM To: cryptography@lists.squeakfoundation.org Subject: [Cryptography Team] Rijndael class>>#keySize
Hellooooooooooo... (It's been pretty quiet here).
I would like to propose an increment to Rijndael's keySize as recommended in Practical Cryptography. From Chapter 4, section 5.8 (p. 65):
"A 128-bit key would be great except for one problem: collision
attacks. Time and time again we find systems that can be attacked by a birthday attack or a meet-in-the-middle attack. We know these attacks exist." ... "Design rule 3. For a security level of n bits, every cryptographic value should be at least 2n bits long." ... "For 128-bit security we really want to use a block cipher witha block size of 256 bits, but all the common block ciphers have a block size of 128 bits." ... "Still, at least we can use the large keys that all AES candidate block ciphers support. Therefore: use 256-bit keys!"
(I hope I don't get in trouble for quoting this much text).
Furthermore, later on in chapter 22 about securing long-term secrets with passphrases, it recommends to "salt and stretch" the passphrase to a 256- bit value and use that to encrypt your secrets (i.e., keyring). The only way Rijndael can do is with a keySize of 256 bits.
If anyone objects, please let me know, otherwise I will post this change in the near future.
Thanks, Chris
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
cryptography@lists.squeakfoundation.org