Slashdot Mirror


Draft FIPS for the Advanced Encryption Standard

Several people wrote with news that NIST has released a draft standard for the AES. They're inviting public comment, so if the NSA has added a backdoor to Rijndael, now would be a good time to find it.... :)

4 of 51 comments

  1. The NSA approved all five final candidates by Paul+Crowley · · Score: 3

    All five final candidates for the AES got the NSA stamp of approval. If they can break them all, even Serpent, they probably have orbital mind control rays too.

    A burglar you trust is an excellent person to ask about what locks to use. Of course, NIST didn't just ask the NSA, they asked all the best burglars in the world, and the conclusion is that this is as secure a lock as you could possibly need for the foreseeable future.

  2. Re:Blocksize vs. Keysize by plcurechax · · Score: 3
    While the blocksize of Rijndael was able to operate in variable lengths of 128, 192, or 256, the AES specification designated 128-block size as standard.

    So this "change" is really just rewriting Rijndael to fit the NIST's proposal. Check the original 1997 request for candidates.

    I don't know what it is about cryptography that causes people to wildly speculate about it, but unless you have any evidence, I claim that there are no known backdoors in DES, or AES. Period.

    If you read Steven Levy's Crypto, chapter 2, you'll see that DES was quite strong in its day. Its structure now makes sense, once the T-attack was rediscovered by Biham and Shamir as differential cryptanalysis. The only just criticism of DES was that even then 56-bit was conceivably weak in the future, not in the 1970s when it was first made standard.

    The NSA has two responsibilities: to gather national intelligence, and to preserve the US Government's own security. The AES will be used as the standard encryption for non-classified (basically non-military) security, and will likely be adopted by X9 as a successor to TripleDES for banking and international financial security. Using a weak algorithm for AES would not make the NSA's responsibility of protecting the US Government's security easier, so I do not see the benefit of trying to do such a thing.

  3. Public review is finished after two years or so by Paul+Crowley · · Score: 4

    NIST started the process of designing a successor to AES many years ago, and fifteen algorithms were submitted from all over the world as candidate successors. The eventual winner comes from a team from Belgium; it's been thoroughly examined by the world's best cryptanalysts and I don't think anyone thinks there's going to be a useful break.

    So long as this FIPS is simply a formal description of the algorithm we were all examining (and it appears to be), there's no problem. NIST have done all the right things here.

  4. Rijndael team's new cipher by Paul+Crowley · · Score: 4

    Far from resting on their laurels, the Rijndael team have been busy with new cipher design work. Check out their latest creation, Noekeon, designed for simple implementation and resistance to differential power attacks and other side channel attacks.