Preview of New Block Cipher

flaws writes "Secure Science Corp. is offering a preview of one of the 3 ciphers they will be publishing througout the year. The CS2-128 cipher is a 128-bit block cipher with a 128 bit key. This cipher is proposed as a hardware alternative to AES, being that it is more efficient in hardware, simpler to implement, and comparably secure to AES-128. The preview of the CS2-128 cipher proposed is in html form and will be available in a published format at the end of April. At this time, requests are made for casual peer review and implementation. Secure Science will be offering a challenge at the end of April, introducing the cipher to the public. This ciphers implementation and usage will be offered in multiple hardware devices, such as wireless routers, cell-phones, and storage management hardware."

Re:Go with what is widely used

[Zeinfeld]

As a example look at the 40 bit encryption used by TI for RFID tags that was recently broken by a bunch of university students. If those students had been malicious they could have broken it and not told anyone. They could have then exploited the weakness for years because the cipher isn't widely studied so it is unlikely that someone else would have bothered to crack it. If TI had simply gone with 3DES there would have been no problem. The moral of the story: stick to the standards people.

Whenever a 40 bit cipher turns up the most likely reason is the export restrictions. When TI was doing its work they could not stick to the standard.

Plus 3DES is not exactly a great cipher, the small block size means that certain attacks become possible after 2^32 blocks of ciphertext, that is only 32 Gb of data which is not a lot of data.

The TI problem was due to using the same cipher for 15 years without periodic security reviews.