Interview With AES Author
Dave Wreski writes "I recently had a chance to ask Vincent Rijmen a few questions about Rijndael, the algorithm soon to replace DES. He talks about the development of the algorithm, his thoughts on the future of Internet security, Linux and security, and more. He's a pretty interesting guy, and had some interesting comments. You can find the interview here"
Serpent is actually more secure than Rijndael, even if slightly slower. I personally use Serpent in my loopback fs's, and it works really well!
Here in the US we have the same thing. Anyone who can't pronounce "hot dog" is looked upon with suspicion. Dutch tourists pronounce it like "hat dack" and that's how we can tell they aren't from around here.
If tits were wings it'd be flying around.
no comment.
- Actually we do know. Eli Biham and Adi Shamir (the S in RSA) discovered differential cryptanalysis in 1990. Differential cryptanalysis made short work of many algorithms of the day *except* DES. It was found that any other s-box configuration, including totally random ones, made the whole algorithm fall quickly to this new method. Subsequently, an IBM researcher admitted that they knew about differential cryptanalysis in the early seventies but the NSA convinced them that discussing the method or the s-box criteria would harm US interests.
So then, we still don't know. All you did is tell us why the S box values were picked (to thwart cryptanalysis. We knew this.), but not the method that determined those numbers. Why is this information still classified?
Actually he did.
There comes a time in every man's life when he must say, "No mother! I do not want any more Jell-O!"
I'm getting a brain overload from all the different encryption tools/stories/specs. It was not too long ago that I remember that all that was out there was PGP and DES. Now there are so many that I only remember the ones with funny names. (twofish? blowfish?)
At least with PGP I knew how to decode it, if someone sent me an encrypted email today, I would have no clue how to even identify it, never mind decode it.
Is this depth of knowledge really required for a layman to take advantage of reasonable encryption security?
I guess my feeling from the opinions expressed in the interview would be that yer man there just doesn't care. I get the impression he's far more interested in doing theoretical algorithm research than in any real-world applications.
Hence his comments - "Rijndael is the engine, it's up to someone else to build the car". In the context of your question, the Draft ThoughtCrime Treaty really addresses legislation of the "car" - applications, processes and protocols making use of encryption - rather than the "engine" (the encryption algorithm) itself.
--
I'd rather have a bottle in front of me than a frontal lobotomy
Shame the questions are either really obvious or just downright strange. I get the impression the interviewer doesn't know much about encryption.
And where did the question about rfc2692 come from? I'm not surprised the reply was "No comment" (although "What are you talking about?" would be just as reasonable).
- Alan
too bad Grootegast doesn't have a lot of beaches...
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
Nah... unfortunately (?) it's spelled zee-eend nowadays
This sig under construction. Please check back later.
He said "hacker!" Burn him!!!
Any sufficiently advanced civilization is indistinguishable from Gods.
Eli Biham and Adi Shamir (the S in RSA) discovered differential cryptanalysis in 1990. Differential cryptanalysis made short work of many algorithms of the day *except* DES. It was found that any other s-box configuration, including totally random ones, made the whole algorithm fall quickly to this new method. Subsequently, an IBM researcher admitted that they knew about differential cryptanalysis in the early seventies but the NSA convinced them that discussing the method or the s-box criteria would harm US interests.
"Scheveningen"
The most unpronounceable name of a beach-resort in the world!
All Germans come to this place in the Netherlands because they don't have their own resorts. Little joke: They're only worthy to stay if they can actually pronounce the name, if they can't, we'll kick them out!
<grub> Reading
It's pronounced Aye-Eee-Ess.
How hard is that?
An algorithm had to be free of patent and other intellectual property claims in order to apply as an AES candidate. Rijndael is not a "standout" in this respect as this was required as part of the process. Credit goes to NIST, which knew a standard would never be a standard if it was encumbered by IP.
As it was pointed out in the interview, this encryption method has no intellectual property claims, or patents on it. This is really good news for the open source and free software communities.
On a side note, was it just me, or did the interviewee seem to be in a bit of a mood?
---
Desperation is a stinky cologne
In light of the absurd "Draft Cybercrime Treaty" brought to our attention by this article I'd love to hear Rijmen's take on the whole issue. How does the world expect to pull off other events like the AES challenge if researchers can't "hack/crack" without fear of legal repercussions?
udder - Thing hanging under cow :)
Enigma
Enigma
--
That's not true. I always read Signal11's posts, it's nice to know what the well balanced mainstream Slashdot reader thinks.
http://twitter.com/onion2k
Journalism just took a punch in the gut, staggered through a parking lot, where some thugs decided to steal his wallet, piss on his clothes, and poop in his briefcase.
--Giving to trolls for the benefit of us all
LinuxSecurity.com: How long did it take to develop the algorithm that will provide security for the digital economy well into the 21st century?
Vincent Rijmen: It depends on how you count. Our research is a continuous process, and it's not easy to say when we started on Rijndael. About a year or two, I would estimate.
Calculation using Moore's CPU law would suggest that this encryption algorithm should be cracked within 6 months.
56-bit DES is easily crackable now. Rijndael takes up to a 256-bit key. (256 - 56) = 300. Where are you getting your numbers from?
This calculation is of course pretty meaningless, but it gives you a rough idea.
--
Xenu loves you!
Depends what you mean by "more secure", doesn't it? Rijndael's security goal is to be "K-secure and hermetic". In layman's terms, this basically means to be as secure as any block cipher with that block and key size can possibly be. If it meets these goals, then Serpent can't possibly be better - it can only be exactly as good.
If I could work out a way of demonstrating that it didn't meet these goals, I'd be the world's most famous cryptanalyst in moments. But I'd still be a million miles away from a break that was actually any good for any real attack that any real adversary, even 3-letter agencies equipped with alien tech, could ever use against you.
There are some good attacks on very much weakened variants of Rijndael. Some people in the crypto world believe that full Rijndael will eventually be demonstrated not to be K-secure. However, no-one who knows what they're talking about thinks that any practical, useful break will ever be found. Really, Rijndael is more than good enough - the weaknesses in your system lie elsewhere.
--
Xenu loves you!
And hey, they mention Linux there too! ;-)
Jacco /var/log
---
# cd
-------
Warning: Slashdot may contain traces of nuts.
I still think they should have called it herfstvrucht, angstschreeuw or koeieuier, like they propose here
--
bgphints - internet routing news, hints and ti
Even six-round Rijndael, while theoretically "broken", is completely uncrackable with any known algorithm on today's hardware. IIRC it takes over 10^28 (i.e. 2^90) operations to crack. That's a savings of only 10^11 (2^38) over brute force. Say you're the NSA, and can afford today 10^6 computers each running at 10^12 operations per second. With your boxes all improving at Moore's law, it'll be 15 years before you crack your first key; then 2 keys in the following year.
Preferential Voting: easy as 1-2-3
must not just be able to perform the algorithm, they must also be
protected from out-of-the-box attacks. It is much harder to guess
what a card device is doing from an EM emission analysis if it uses
simple operations such as in Rijndael, than if it uses more complex
operations such as in Serpent and Twofish. This isn't only a matter of
prevalent technology, it involves sensitive design issues as
well, ones that Rijndael went to more pains about than the other
finalists.
I think that Rijndael will prove to be the better technology for
quite a long time, and its selection will do a lot to promote the use
of good cryptography in the next few years.
LinuxSecurity.com: What applications do you foresee it being used?
Vincent Rijmen: Many many applications. Protection of sensitive files
of the US government (mandatory). Email encryption. Mobile phones.
Smartcards.
Interesting to note that the NSA didn't say they would use AES. Schneier's last cryptogram speculated that they won't be using Rijndael for classified documents in the next few years.
Well, you probably know what those words mean, but for the Dutch-illiterate here: ;-)
herfstvrucht: autumn-fruit
angstschreeuw: scream of terror
koeieuier: Well, the thing hanging below a cow, where you get the milk from (dunno the trans
--
--
If code was hard to write, it should be hard to read
They're already hard to pronounce, don't make it worse. I fear that soon a Czech name will be given to the next big thing, and we'll have to use the reverse caret over the C!
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
Well, it was apparently thought of earlier, in the late 1960s, by James Ellis and Clifford Cocks (who were British secret agents). However they did not publish (being secret agents). R,S+A thought it up independently 10 years later, and they were the first to publish. See this techweb story for some more details.
perl -e 'fork||print for split//,"hahahaha"'
That is true of all the candidates. Even MARS and RSA patents would have to be more-or-less unenforced if selected - go to the AES page and check out the huge red text that says exactly this.
AES homepage
Also, Rivest, Shamir, and Adleman *did* invent RSA. I'm not sure what you're implying.
-konstant
Yes! We are all individuals! I'm not!
I'll admit it: I'm still a Twofish fan. I look at the number of rounds required to make Rijndael reasonably secure and compare that to Twofish and I don't feel happy. This is not to say that I don't think that Rijndael is secure now--it clearly is. This is also not to say that I think there's some good way to reliably determine the likely future security of uncracked algorithms--I think there is not. Nevertheless, we can guess about future security based on things like complexity (where Twofish scores poorly) and number of rounds required for security (where Twofish scores extremely well and Rijndael does not).
There were two lurking decision factors in the AES that concern me:
1) Patents. It has not been made clear how much the Hitachi claimed patent affected the outcome.
2) Embedded devices. I believe that the decision was weighted in favor of current embedded memory and computational power, which doesn't make any sense. Embedded applications will be more powerful by the time anyone actually implements this stuff and I'd much rather have something that is excellent on real computers and fine on smart cards, but that doesn't seem to be what we've ended up with.
Anyway, I'm glad to see the process was open and all kvetching aside, Rijndael is a *huge* improvement over DES or even DESX or tripleDES. The authors of all algorithms deserve congratulations.
The only reason they won't crack it is probably because it's impossible to pronounce.
--
--
If code was hard to write, it should be hard to read
You may wish to check out this website for a quick and clean comparison of the security of the different proposals.