Domain: nist.gov
Stories and comments across the archive that link to nist.gov.
Comments · 1,805
-
/. readers missed the punch line!
I don't know if timothy or Jason Bennett made the mistake, but the above does not display a good chunk of what's in the html source. This bit:
Finally, on October 2, 2000, NIST's main AES site is the place to start.
is supposed to read thusly:
Finally, on October 2, 2000, NIST released their final decision, that Rijndael was to be the AES selection. Simultaneously, NIST released a paper detailing their rationale for the selection. In sum, this paper says that any of the finalists could have been selected (an opinion echoed by many in the industry), but that Rijndael proved to have the proper balance necessary between speed in hardware, speed in software, and security. To quote from NIST's statement:
Rijndael appears to be consistently a very good performer in both hardware and software across a wide range of computing environments regardless of its use in feedback or non-feedback modes. Its key setup time is excellent, and its key agility is good. Rijndael's very low memory requirements make it very well suited for restricted-space environments, in which it also demonstrates excellent performance. Rijndael's operations are among the easiest to defend against power and timing attacks. Additionally, it appears that some defense can be provided against such attacks without significantly impacting Rijndael's performance. Rijndael is designed with some flexibility in terms of block and key sizes, and the algorithm can accommodate alterations in the number of rounds, although these features would require further study and are not being considered at this time. Finally, Rijndael's internal round structure appears to have good potential to benefit from instruction-level parallelism.
At this point, it's all over but the shouting. At some point later this year, the Secretary of Commerce will officially designate Rijndael the Advanced Encryption Standard, and a new era will have begun. AES was specified (and is expected) to remain a standard for at least as long as DES, and to protect data for even longer, and barring a major development (such as faster-than-foreseen developments in quantum computing), this standard will likely be met. No one expects research into new algorithms to die, however. There will continue to be parallel algorithms developed and used, just as there are today. Thanks to the combined efforts of NIST and the community, however, there will always be the bedrock of AES available.
In conclusion, I'd like to point out the positive role that the U.S. Government, as represented by NIST, has played in this process. The Free Software/Open Source community has taken its share of shots at the government over patents, copyright and crypto export over the past several years, and deservedly so. The AES process, however, was lauded throughout the encryption community as a fair and open process that brought together the best minds available to select the algorithm for the next century (as NIST likes to say). Making an algorithm a FIPS standard gives it a legitimacy that cannot be obtained in any other way, especially given the way that this standard was arrived at. The algorithm is completely free of any IP hurdles, as was specified at the beginning of the process, and since the code is open, it can be downloaded by anyone in the world (and since it was designed outside of the U.S., any attempt to regulate its export from the U.S. would be silly). It is reasonable to criticize when a situation is bad, but it is only fair to praise when something is good.
Bibliography
I used a great number of sources from print and the web, so it's only fair to list them here. I also put many links in the body itself, most of which go into much more detail than I did.
- NIST's main AES site is the place to start. It links to most of the technical information I linked to above.
All that missed due to one stinking quotation mark! Geeze, guys, learn to Preview!
-
The Right Links
The AES finalists were:
MARS (IBM) (their case)
RC6 (RSA) (their case)
Rijndael (their case) (how to pronounce it)
Serpent (their case)
Twofish (Counterpane) (their case)
-
AES info
Not much to say here.
I noticed some links were bad. So, for your pleasure, look at http://www.nist.gov/aes
instead. It has all the links to everything.
In case anyone is wondering if there are any applications that use AES, the newest version of PGP does. I am not using any version past 6.5.8 due to the NAI/PRZ split that was noted here on Monday, but I thought I would make sure you all knew.
----------------------
Kurt A. Mueller
kurtm3@bigfoot.com
PGP key id:0x4FB5FB1D
-
The Rest of the Article
I'm sure someone is going to fix the bad HTML, but meanwhile, here is the rest of the article...
Finally, on October 2, 2000, NIST released their final decision, that Rijndael was to be the AES selection. Simultaneously, NIST released a paper detailing their rationale for the selection. In sum, this paper says that any of the finalists could have been selected (an opinion echoed by many in the industry), but that Rijndael proved to have the proper balance necessary between speed in hardware, speed in software, and security. To quote from NIST's statement:
Rijndael appears to be consistently a very good performer in both hardware and software across a wide range of computing environments regardless of its use in feedback or non-feedback modes. Its key setup time is excellent, and its key agility is good. Rijndael's very low memory requirements make it very well suited for restricted-space environments, in which it also demonstrates excellent performance. Rijndael's operations are among the easiest to defend against power and timing attacks. Additionally, it appears that some defense can be provided against such attacks without significantly impacting Rijndael's performance. Rijndael is designed with some flexibility in terms of block and key sizes, and the algorithm can accommodate alterations in the number of rounds, although these features would require further study and are not being considered at this time. Finally, Rijndael's internal round structure appears to have good potential to benefit from instruction-level parallelism.
At this point, it's all over but the shouting. At some point later this year, the Secretary of Commerce will officially designate Rijndael the Advanced Encryption Standard, and a new era will have begun. AES was specified (and is expected) to remain a standard for at least as long as DES, and to protect data for even longer, and barring a major development (such as faster-than-foreseen developments in quantum computing), this standard will likely be met. No one expects research into new algorithms to die, however. There will continue to be parallel algorithms developed and used, just as there are today. Thanks to the combined efforts of NIST and the community, however, there will always be the bedrock of AES available.
In conclusion, I'd like to point out the positive role that the U.S. Government, as represented by NIST, has played in this process. The Free Software/Open Source community has taken its share of shots at the government over patents, copyright and crypto export over the past several years, and deservedly so. The AES process, however, was lauded throughout the encryption community as a fair and open process that brought together the best minds available to select the algorithm for the next century (as NIST likes to say). Making an algorithm a FIPS standard gives it a legitimacy that cannot be obtained in any other way, especially given the way that this standard was arrived at. The algorithm is completely free of any IP hurdles, as was specified at the beginning of the process, and since the code is open, it can be downloaded by anyone in the world (and since it was designed outside of the U.S., any attempt to regulate its export from the U.S. would be silly). It is reasonable to criticize when a situation is bad, but it is only fair to praise when something is good.
Bibliography
I used a great number of sources from print and the web, so it's only fair to list them here. I also put many links in the body itself, most of which go into much more detail than I did.
-
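The NIST statement quoted in the posts above praises Rijndael's key agility and its parameterisation by key size and round count. What follows is an added example, not code from the original article, from NIST or from the Rijndael authors: a minimal pure-Python AES encryption that derives the S-box from its GF(2^8) definition and runs the FIPS-197 key schedule for all three standard key sizes, so the Nr = Nk + 6 relation and the FIPS-197 Appendix C known-answer vectors can be checked offline. The function names are my own. It is a teaching implementation with table lookups and data-dependent branches, so the timing-attack caveat in the quote applies to it directly; it is not the constant-time code a production system needs.

```python
"""Minimal AES (Rijndael) block encryption for all three FIPS-197 key sizes.
Example code, not NIST's or the Rijndael reference implementation."""


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def build_sbox() -> list:
    """Derive the S-box from its definition: GF(2^8) inverse, then the affine map."""
    inv = [0] * 256
    for x in range(1, 256):
        if inv[x]:
            continue
        for y in range(1, 256):
            if gf_mul(x, y) == 1:
                inv[x], inv[y] = y, x
                break
    sbox = []
    for x in range(256):
        b = inv[x]
        s = b
        for i in range(1, 5):                       # b ^ rotl(b,1) ^ ... ^ rotl(b,4)
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()


def round_count(key_len: int) -> int:
    """Nr = Nk + 6: 10, 12 or 14 rounds for 16-, 24- or 32-byte keys."""
    return key_len // 4 + 6


def expand_key(key: bytes) -> list:
    """FIPS-197 key schedule. Returns Nr + 1 round keys of 16 bytes, column-major."""
    nk = len(key) // 4
    if nk not in (4, 6, 8) or len(key) % 4:
        raise ValueError("AES key must be 16, 24 or 32 bytes")
    nr = round_count(len(key))
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nr + 1)):
        t = list(w[i - 1])
        if i % nk == 0:                                # SubWord(RotWord(t)) ^ Rcon
            t = [SBOX[v] for v in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = gf_mul(rcon, 2)
        elif nk > 6 and i % nk == 4:                   # extra SubWord for AES-256
            t = [SBOX[v] for v in t]
        w.append([w[i - nk][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(nr + 1)]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one 16-byte block. State index is r + 4*c (column-major)."""
    if len(block) != 16:
        raise ValueError("AES block is 16 bytes")
    round_keys = expand_key(key)
    nr = len(round_keys) - 1
    s = [b ^ k for b, k in zip(block, round_keys[0])]
    for rnd in range(1, nr + 1):
        s = [SBOX[b] for b in s]                                             # SubBytes
        s = [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != nr:                                                        # MixColumns
            m = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                m += [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
                      a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
                      a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
                      gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
            s = m
        s = [b ^ k for b, k in zip(s, round_keys[rnd])]                     # AddRoundKey
    return bytes(s)


if __name__ == "__main__":
    # FIPS-197 Appendix C known-answer vectors: same plaintext, three key sizes.
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    for klen in (16, 24, 32):
        ct = encrypt_block(bytes(range(klen)), pt)
        print(f"AES-{klen * 8}: {round_count(klen)} rounds, ct={ct.hex()}")
```

Running the block prints the Appendix C ciphertexts (69c4e0d8... for AES-128, dda97ca4... for AES-192, 8ea2b7ca... for AES-256). The S-box is built at import time rather than hard-coded so the reader can see that it is nothing but inversion plus an affine map; a real library uses precomputed tables or hardware instructions, and must avoid the secret-indexed lookups this version makes.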
securely wiping drives
The definition of wiping drives properly, like other security related matters, depends on what adversary you are trying to protect the data from. If your adversary is a coworker, shred (gnu fileutils (older) or gnu fileutils (newer)), wipe, or norton utilities wipeinfo (see Norton System Works; you might have to get the professional edition to get wipeinfo) might work. For adversaries that have more funding and/or time, purchasing sanitizer is advisable as its "D" version meets DOD requirements for electronically disposing of classified and sensitive data on a hard drive. It can apparently defeat electron microscopes with spin control, when properly utilized. Note that if you're going to this extent you probably want to TEMPEST shield (and here and there) your life, and start using crypto systems that keep the key material in FIPS 140 compliant crypto devices like these.
-
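The post above recommends overwrite tools such as shred and wipe for the low-end adversary. As an added example, not the code of any of the tools named there, the following Python function shows what those tools do at the file level: open the file without truncation, overwrite every byte in place for several passes, fsync after each pass so the data reaches the device, and only then unlink. The pass pattern (random data, zeros last) and the function names are my choices. The caveat a practitioner needs is that overwriting in place only reaches the old blocks on a filesystem and device that rewrite in place; on journaling or copy-on-write filesystems, and on SSDs with wear levelling, the old copy can survive, and the drive's own sanitize command or full-disk encryption with key destruction is the right tool.

```python
"""Overwrite-then-unlink file wiping in the style of shred(1).
Example code, not taken from shred, wipe or any tool named in the post."""
import os
import tempfile


def overwrite_file(path: str, passes: int = 3, chunk: int = 1 << 16,
                   unlink: bool = True) -> int:
    """Overwrite every byte of `path` in place `passes` times, then optionally unlink.

    Returns the total number of bytes written. O_WRONLY without O_TRUNC keeps
    the file's existing blocks allocated so the writes land on top of the old
    data rather than on freshly allocated blocks.
    """
    size = os.path.getsize(path)
    written = 0
    fd = os.open(path, os.O_WRONLY)
    try:
        for p in range(passes):
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                # Random data on every pass but the last; a final zero pass is the
                # shred(1) convention so the wiped file is not a high-entropy blob.
                buf = os.urandom(n) if p < passes - 1 else bytes(n)
                off = 0
                while off < n:                     # os.write may be partial
                    off += os.write(fd, buf[off:])
                written += n
                remaining -= n
            os.fsync(fd)                           # force this pass to the device
    finally:
        os.close(fd)
    if unlink:
        os.unlink(path)
    return written


def wipe_demo() -> dict:
    """Self-check on a throwaway file; the content is constructed, not a real secret."""
    fd, path = tempfile.mkstemp()
    os.write(fd, b"TOP SECRET " * 6000)            # 66,000 bytes of fake secret
    os.close(fd)
    size = os.path.getsize(path)
    written = overwrite_file(path, passes=2, unlink=False)
    with open(path, "rb") as f:
        after = f.read()
    overwrite_file(path, passes=1)                 # final zero pass, then unlink
    return {"size": size, "written": written,
            "zeroed": after == bytes(size), "exists": os.path.exists(path)}


if __name__ == "__main__":
    print(wipe_demo())
```

The demo keeps the file after two passes to show that the content is now all zeros and the length is unchanged, then runs a final pass with unlink. Nothing here addresses the higher-end adversary in the post; against magnetic-remanence or firmware-level recovery the overwrite count is not the limiting factor, the storage technology is.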
NIST
They use the same technology in the latest atomic clocks at NIST. Pretty cool stuff, they have a video there to check out that shows how the lasers make a ball of supercooled cesium and fling it up in the air to make a clock. Check it out.
-
Re:What the future might hold.
"...we can have a disk drive with yottabyte capacity (for a definition of lesser known si units, see http://physics.nist.gov/cuu/Units/prefixes.html)."
A yottabyte is 10 to the 24th power bytes or 2 to the 80th power bytes. I found it interesting how we have adopted the SI metric terms which are decimal based for information units which are binary based. It is all explained here http://physics.nist.gov/cuu/Units/binary.html
-
What the future might hold.
What with the cost of optical networking dropping by a factor of 2 every 100 days or so ( See Scientific American Dec00), soon that 10G will be 100T and very accessible. Also, with the advent of being able to stop light pulses and restart them (See Nature, 25Jan01), we can have a disk drive with yottabyte capacity (for a definition of lesser known si units, see http://physics.nist.gov/cuu/Units/prefixes.html).
-
Re:Does no one understand basic notation systems?
"k is 2^10 = 1024 NOT 1000!"
This reminds me of a "who wants to be a millionaire" question:
"a kilobyte is this many bytes:
A:2
B:100
C:1000
D:1000000"
contestant: "oh, that's a tough one, i'm going to have to call my friend, he's a computer Expert"
friend: "gee I don't know, I think it might be 1000, I'm only 50% sure"
The "expert" friend must have been an MSCE to be 50% sure, but the answer was technically correct.
Binary SI Prefixes in this case are Ki and Mi, or spelled out kibi and mebi. The new standard is only a few years old, and I still have not seen it used anywhere. But this is definitely a good thing as it will reduce the possibility of confusion (hopefully).
BTW, in telecom, they also usually use the base 10 SI unit (e.g. 8kb/sec = 8000bits/sec).
-
People! Let floppies die, already!
- They're slow
- They're fragile
- They don't have enough space no matter how much you can incrementally shove in
- They waste more resources in packaging than other media
It's time to grow up. It's time to let go of the old technologies of yesterday. They're called cruft. They're called legacy. They slow us down and they make life harder and more expensive. There is no reason why, in the twenty-first century, that we should still be beholden to technology from decades ago. Power grids are failing in California because of their insistence on using old tech. Why would we inflict that on our own personal computers? Growing up means learning to let go.
How much of this money that's been poured into incrementally improving floppy drives could've been spent on producing the next great thing in holographic storage? How many companies have independently squandered fortunes in this field? (I can count at least six in the past five years.) How far would the state of the art have come if we'd concentrated on what was best for the future of computing, instead of pandering to people's distorted views of what they want (more of the same) and not what they need (something radically different).
Inventing a new floppy isn't relying on tried-and-true designs. It's a whole new beast, with its own bugs and its own manufacturing problems. When Upton Sinclair wrote The Jungle a century ago, he described how countless lives were lost in the meatpacking industry every year in having workers fall into vats of processed meat. How many workers are going to die in the new factories that this new floppy design will require? You can't just tack a new process onto an old assembly line; it'll require massive retooling and reconfiguration. Insurance rates will rise, and the price will become unbearable--unless they sell at a loss and drive competitors out of business, only to raise prices twofold in the end.
Floppies are not the answer to our problem. Old problems don't require old solutions. They require new and exciting ones, ones that push the envelope, that expand the field of human possibilities. Future economies, nay civilizations, will be made or broken on the wheel of technology. Let's not hold progress back by clinging to yesterday's superstitions.
-
Re:As a former attendee of Kent State...
Yeah. Right. Where did you go to school, brainiac. Check out: The definition and get back to me about who's wrong.
-
Number crunching
Java *is* used for numerical computing and the like:
Java Grande, Java Numerics
-
Check out the Biometrics Consortium
The International Biometrics Consortium is an organization of individuals, companies, and institutions that concerns itself with all aspects of Biometric technology. Fingerprinting is one of the most talked about, but retinal scans, voice prints, face recognition, behavioral recognition (such as gait or common hours of arrival and departure), hand geometry, and other measures of "what you are" instead of "what you have" or "what you know." To become a member, you must join the listserv here.
Every November they have an annual Conference, but there are many events throughout the year, throughout the world.
There are many other organizations such as BioAPI that are concerned with aspects of the technology such as multivendor hardware and software support.
I attended the Consortium's 2000 conference at NIST in Gaithersburg, MD, USA. I was quite impressed with the state of the technology and the amount of research that has been done in this area, but surprised at the lack of large scale corporate interest. Happy hunting, and please post your experiences!
-
Common criteria and TrustedBSD
Robert,
The common criteria are far more than the old orange book controls (B1, B2, C1, ...). Part two of ISO 15408 has many things that I'd really like to see (and I'm prepared to help, too). Why even bother with the old style Orange book stuff, which barely works in a networked environment, when the new style CC definitions are available for free?
Also will you be providing a framework such that deployed TrustedBSD systems are ready for CC evaluation?
Lastly, any plans for a NetBSD version? Want some help?
-
Re:Open Source Software security
Many commercial OSes have some kind of evaluation of some version, and some have TCSEC (Orange Book) class B or above (or equivalent under other schemes). If you are really interested, here are some links:
- Trusted Product Evaluation Program for TCSEC evaluations.
- The UK ITSEC scheme has a certified products list - E3/F-B1 is similar to TCSEC B1.
- National Information Assurance Partnership has a list of products validated against the Common Criteria (joint successor to TCSEC and ITSEC)
The field has its own specialist jargon, so it may take some effort to make sense of all that. Also remember that resistance to penetration is not required until you get a long way up the scale although it is probably what most people expect to get, only to be disappointed. It is actually very hard to show that a system is penetration resistant, much harder than merely making it penetration resistant (which is hard enough in itself if you want to keep some functionality).
-
just for completeness! [SI prefixes; chemistry!]
The SI prefixes (from NIST) are:
yocto (10e-24)
zepto (10e-21)
atto (10e-18)
femto (10e-15)
pico (10e-12)
nano (10e-09)
micro (10e-06)
milli (10e-03)
[unity] (10e+00)
kilo (10e+03)
mega (10e+06)
giga (10e+09)
tera (10e+12)
peta (10e+15)
exa (10e+18)
zetta (10e+21)
yotta (10e+24)
The length of a typical bond between two atoms is about one Ångstrom -- 10e-10 metre, or a tenth of a nanometer -- so the first few prefixes probably won't come up much in conversation [yet?].
(for completeness, there are binary versions of these prefixes too :-)
And on the subject of nano-things... let's not let the CAD-crazed physicists with their molecular beams and Atomic Force Microscopes push the fascination of supramolecular chemistry off the stage. Have a look at the Stoddart and Rebek groups' pages. Also see KevinMS' comment!
-
Re:aaah! Real numbers!
"Anything."
Not quite. Certain classes of problems are provably unsolvable, such as the famous Halting Problem.
More correctly, you could say that any problem that can be solved, can be solved by a Turing Machine.
-
Re:Aditional questions:
What does HUGE mean? Gigabytes? Terabytes? Exebytes?
Ah, "exebytes". That's the unit of choice for measuring the size of executables produced by that big & rich company, right? :^) The SI prefix you're looking for is exa. On the other hand, perhaps exe is handy as a "computerization", along the lines of the "K" for 1024 in KB (SI uses "k" for 10^3)... More information about SI prefixes is available here. Or, maybe your fingers slipped and I'm just being more nitpicking than usual. ;^)
-
Re:Experimental Civil Service Pay Scale
If you're talking about the ZA/ZP/ZT payscale, The Nat'l Institute of Standards & Tech. (NIST) has been running that for almost 10 years now.
You can think of it as having a couple pipes to funnel people in: an administrative pipe for pencil pushers, a professional pipe for the brains, and a technical pipe for the knuckle draggers (for example). Folks can get hired competitively - that's the big plus. Another plus is there are only 4 or 5 steps, not 15 like in GS, so you can advance quicker if you perform.
The minus is, no matter how they try to explain it, there are quotas on who can advance, based on your budget after hires. So you get groups hiring competitively and not holding those people because they can't keep the pay competitive. Where 40, 50 and 60 year employees were the norm - priceless experts in their field - you have churn now.
I think it could have been an improvement, and maybe it was at Mugu/CL, but not at NIST, IMHO.
-
Big problem: short storage times
All current implementations and proposed implementations of quantum cryptography have a major weakness: storage of encrypted data. I started looking into this about ten years ago and although there has been a lot of progress in the development of error correcting codes for short-term storage (quantum computing, etc.), there is no conceivable way that I have seen to store a quantum key or quantum-encrypted information for more than a few hours.
The problem is that one must maintain phase-coherence between the basis states of the entangled states and the enemy is thermal noise. There is simply no feasible way today to insulate a quantum system from heat baths well enough to maintain phase-coherence for more than a few hours.
The world's record as far as I know is held by Dave Wineland's ion storage laboratory at NIST, who maintain trapped laser cooled ions in coherent superposition states for around ten minutes before significant phase decoherence sets in, mostly due to collisions with background gas (See D.J. Wineland et al., "Experimental Issues in Coherent Quantum-State Manipulation of Trapped Atomic Ions," Journal of Research of the National Institute of Standards and Technology, Vol. 103, pp. 259-328 (1998)).
Thus, while quantum encryption may be useful for transmitting data where there is not a good way to distribute a secret key, such as a one-time pad, it holds little promise for storing sensitive information.
-
Re:Interesting approach
That is true of all the candidates. Even MARS and RSA patents would have to be more-or-less unenforced if selected - go to the AES page and check out the huge red text that says exactly this.
AES homepage
Also, Rivest, Shamir, and Adleman *did* invent RSA. I'm not sure what you're implying.
-konstant
Yes! We are all individuals! I'm not!
-
An interesting problem with DNA databases
The genomic loci used for the current national database are public information.
Given this info, here's something to consider (Please bear with me... I'm a scientist, not a writer):
To assemble the perfect hypothetical database to search DNA "from the scene" against, you would have to test everyone first, and put their allele set at each locus into a database. To render DNA that is "at the scene" useless vis-a-vis the database, one does not need to replace it with someone else's DNA at every position, but just cover your 13 loci with everyone else's alleles (i.e. all possible alleles at each of the known 13 loci - fairly straightforward pooled-sample PCR - and, incidentally, is a bit easier than isolating a specific person's & erasing your alleles).
The same combinatorial logic that makes the identification so specific leads to a rapid collapse if there is more than one allele found at each position (I hope you can see how this works - instead of just allele A or allele B, you find alleles A, B, C, D, and E - obviously fake, but also useless for identification purposes. Sort of looking for a needle in a pile of needles instead of a haystack). On a practical level, this type of "obscuration defense" can easily be gotten around by testing different loci in any individual two-point comparison (assuming you only "obscure" the reference allele set). However, the reference set of loci that determines the national database (i.e. the search set) will thus be rendered useless. This makes this trick nice because it stakes out somewhat higher moral grounds. It's a way to maintain the usefulness of DNA evidence in specific cases, but cause a national database to collapse.
-
Re:2 terabytes != 2 trillion bytes
Aaah, I see!
You are really talking about tebibytes, aren't you?
In other words, 2^40 rather than 10^12. Not that the word will catch on with others than those we know as real PITAs, but there is a term to avoid the ambiguity.
-
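The SI-versus-binary prefix dispute running through this thread (2 TB vs. 2 TiB, and the old "K = 1024" habit) is easiest to see in code. This is an added example, not code from any of the posts; the function names and the legacy_k switch are my own assumptions.

```python
# Added example: parse storage sizes with SI (powers of 1000) and IEC
# (powers of 1024) prefixes so the ambiguity the thread argues about is explicit.
import re
from fractions import Fraction

# Exponent for each prefix letter; the same letter is used by SI (k, M, T ...)
# and by the IEC binary prefixes (Ki, Mi, Ti ...).
EXPONENTS = {"K": 1, "M": 2, "G": 3, "T": 4, "P": 5, "E": 6, "Z": 7, "Y": 8}

# e.g. "2 TB", "2TiB", "1.5 GiB", "512"  (a trailing "B" is optional)
_SIZE_RE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*([kKMGTPEZY]i?)?B?\s*$")


def parse_size(text: str, legacy_k: bool = False) -> int:
    """Return the number of bytes denoted by text.

    SI prefixes are powers of 1000, IEC prefixes (ending in 'i') are powers
    of 1024. legacy_k=True (an assumption for this example) treats a bare
    uppercase 'K' the old way, as 1024, which is the habit the posts mention.
    """
    m = _SIZE_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    number, prefix = Fraction(m.group(1)), m.group(2)
    if prefix is None:
        return int(number)
    exp = EXPONENTS[prefix[0].upper()]
    base = 1024 if (prefix.endswith("i") or (prefix == "K" and legacy_k)) else 1000
    # Fraction keeps the arithmetic exact even for yotta-scale values.
    return int(number * Fraction(base) ** exp)


def si_vs_binary(number: int, letter: str) -> dict:
    """Both readings of a bare prefix letter, e.g. (2, 'T') -> 2 TB and 2 TiB."""
    si = parse_size(f"{number} {letter}B")
    iec = parse_size(f"{number} {letter}iB")
    return {"si": si, "iec": iec, "iec_over_si": iec / si}


if __name__ == "__main__":
    for label, value in si_vs_binary(2, "T").items():
        print(label, value)  # the ~10% gap is the "2 terabytes != 2 trillion bytes" point
```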
Re:It is sad, but true.
Well, if you used OpenBSD, you wouldn't have to worry about things like that. For example, it has an encrypted swap space, using Blowfish 128bit encryption.
Good point, but since May 27, 2000, OpenBSD uses Rijndael to encrypt the swap file, for faster key setup (yet another example of "That was fixed 5 months ago").
-- -
Not a standard yet
If you go here you will find that Rijndael isn't actually a standard yet; it still has a while before it becomes the government's new standard. Take a look at number 6.
-
Re: increasing security
Secondly, if you increase the number of rounds in Rjindael you can effectively double the security, and even then it is still one of the fastest candidates in software.
Where did you get this? According to the paper, for the number of rounds specified, there is no known attack that is stronger than exhaustive key search. Hence, adding rounds will add nothing to security. You have to increase the key length to achieve this.
-
Unfortunately, "Bob" is already taken...
... by the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure which chooses to refer to itself as "Bob" rather than "TACDFIPSFKMI". See here if you don't believe me. As they both have something to do with Federal crypto standards, it would be too confusing to have them both named "Bob".
-
report claims IP was not an issue
It will be interesting to see whether the final announcement mentions the patent.
Oops, I should have kept reading. The Report on the Development of the AES does have a statement that seems to indirectly reference Hitachi's patent claim: "After comments were analyzed, and the review process was completed, IP was not a factor in NIST's selection of the proposed AES algorithm."
-
link to Hitachi's letter
You can read Hitachi's letter in the Round 2 Comments section of the AES site.
It's clear from the IP Issues forum that this was a concern. It will be interesting to see whether the final announcement mentions the patent.
I don't know whether the other algorithms actually infringe; I suspect it's a case of CYA, given NIST's "Speak now or forever be sued" note regarding IP.
-
Re:pronunciation
Please see the fact sheet before spreading misinformation:
The algorithm's developers have suggested the following pronunciation alternatives: "Reign Dahl," "Rain Doll" and "Rhine Dahl."
From the AES Fact Sheet.
-Adam
-
Rationale for Rijndael
For those who are interested in technical analysis, the NIST Report is online.
The basic gist of the report is that all algorithms are secure to NIST's comfort, with a large number of various details. The main reason for selecting Rijndael over the other algorithms came down to performance.
Whereas the other algorithms either ran well or poorly depending on the platform (Serpent poor in register-poor software and a large initial requirement for hardware, Twofish being very slow for software subkey generation, MARS requiring 32 bit multiply and having awful subkey generation, and RC6 also requiring 32 bit multiply and poor subkey generation), Rijndael runs well regardless of platform, be it hardware or software, smartcard microcontroller or IA64.
I also seriously doubt that the Hitachi patent claim had anything to do with the selection. It was not even mentioned in the report on the IP section, and was incredibly vague (Hitachi was claiming a patent on rotation in encryption. The Caesar cypher could probably be claimed as 2000 year old prior art).
Nicholas C Weaver
nweaver@cs.berkeley.edu
-
Smart card applications the key consideration?
In addition to the open-ended key size of Rijndael, after reading the AES Round 1 report, it looks like smart card applications were a key consideration (possible THE key?).
With smart cards, the issue is twofold. One, you need small code footprint, which both Rijndael and TwoFish did satisfy. And, two, the main means to hack smart cards is via power/EMI analysis.
Any circuit draws power and puts out EMI with the switching of its gates. Since there are power draws when they switch, the two are usually intertwined. I am familiar with these because Theseus Logic's (my employer's) NCL (null convention logic) technology is ideal for smartcards because of its more uniform power (gates switch independently so they are not switching and drawing power at the same time) further resulting in a drastically reduced EMI signature compared to CBL (clocked boolean logic). In addition to being reduced, the power/EMI signature looks nothing like CBL and those years of learning what CBL circuits look like from a power/EMI standpoint are not applicable to NCL at all.
TwoFish uses a very predictable addition subroutine that would put out a regularly timed power/EMI signature. Rijndael seems to reduce its use of such easily identifiable operations (at least when analyzed under [6] in the report).
[ BTW, one thing I didn't understand was this statement about TwoFish: "During Round 1, there were a few concerns regarding the overall complexity of its design." Anyone know what they meant by this? ]
-- Bryan "TheBS" Smith
-
More information
More information can be found on the Rijndael algorithm here. This link includes a copy of the white paper on the algorithm in PDF format, as well as the source code.
-
U.S. national standard
The National Institute of Standards and Technology has a division in the Info.Tech. Lab that has metadata as one of their projects. Looks like they're thinking XML.
-
fukin yankees and the metric system
Unfortunately, they're all incorrect. In keeping with American tradition, the SI/metric system just HAD to be completely fucked up before the yanks could be happy with themselves.
The correct definitions are here. Until 1998, I fought to the death that a kilobyte = 1024 bytes, but now there are proper definitions for base 2, I will fight to the death kilobyte = 1000 bytes.