Re: [TLS] Comparative cipher suite strengths




Nicolas.Williams at sun.com (Nicolas Williams) on Thursday, April 23, 2009 wrote:

>The more likely explanation is that *some* imaginable
>cryptanalytic advances could reduce the effective strength of AES in
>such a way that longer keys remain more secure than shorter keys.

When I think of the reasons that NSA/DOD could have for requiring AES-128
for secret and AES-192 for top secret, I think they may be looking at the
whole cryptographic system. While symmetric cyphers have some solid math
behind them, other parts of the system, such as generating random numbers
for the keys, are frequently more akin to black magic.

If my random numbers were only 75% random against some attack, with AES-192
I would still have 128 bits of strength against a brute force attack. With
AES-128, I'd only have 96 bits, and I would be quite concerned when
protecting top secret data.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"After all, if the conventional wisdom was working, the
408-356-8506       | rate of systems being compromised would be going down,
www.periwinkle.com | wouldn't it?" -- Marcus Ranum
