Slashdot Mirror


User: plcurechax

plcurechax's activity in the archive.

Stories: 0
Comments: 606

Comments · 606

  1. Re:Why Symmetric?!? on Draft FIPS for the Advanced Encryption Standard · · Score: 2
    Because the NIST approved standard, DES, is getting old, and the "compatible" mode of TripleDES is very slow. Vendors wanting to win tenders with the US Government have to use a NIST approved method, if one exists for whatever they are doing, from tree planting to cryptographic algorithms. So this is to replace the old existing standard.

    Symmetric encryption is much faster than asymmetric encryption methods, so they have their uses. In IPSec and PGP you will find the bulk of the encryption is actually done using a symmetric algorithm because it is about 1000 times faster than, say, RSA.

    256-bit keyspace is huge for a symmetric cipher. To brute force this would take, say, one million supercomputers a million years. That is a highly non-scientific computation, but demonstrates the rough magnitude we are talking about. For asymmetric algorithms like RSA or Diffie-Hellman, the algorithms can be attacked more efficiently than by brute force, so we need a larger keyspace. RSA is based on the difficulty of factoring large numbers (composites of two large primes), and DH is based on the discrete logarithm problem.

    The AES (Rijndael) was proposed by a European team of cryptographers; the NSA has only acted as advisor to the NIST, who makes the final decision. The algorithm has been in public since 1998, and has had the best open-source (general public) cryptographers looking for any weaknesses. It appears to be very strong, and modestly fast, faster than TripleDES.

  2. Re:Blocksize vs. Keysize on Draft FIPS for the Advanced Encryption Standard · · Score: 3
    While the blocksize of Rijndael was able to operate in variable lengths of 128, 192, or 256, the AES specification designated the 128-bit block size as standard.

    So this "change" is really just rewriting Rijndael to fit the NIST's proposal. Check the original 1997 request for candidates.

    I don't know what it is about cryptography that causes people to wildly speculate about it, but unless you have any evidence, I claim that there are no known backdoors in DES, or AES. Period.

    If you read Steven Levy's Crypto, chapter 2, you'll see that DES was quite strong in its day. Its structure now makes sense, once the T-attack was rediscovered by Biham and Shamir as differential cryptanalysis. The only just criticism of DES was that even then 56-bit was conceivably weak in the future, not in the 1970s when it was first made standard.

    The NSA has two responsibilities: to gather national intelligence, and to preserve the US Government's own security. The AES will be used as the standard encryption for non-classified (basically non-military) security, and will likely be adopted by X9 as a successor to TripleDES for banking and international financial security. Using a weak algorithm for AES would not make the NSA's responsibility of protecting the US Government's security easier, so I do not see the benefit of trying to do such a thing.

  3. OpenP2P on Micropayments: Effective Replacement For Ads Or ? · · Score: 1

    It's OpenP2P as in peer-2-peer, not OpenPGP the message security software.

  4. New? on Rebel Code · · Score: 1

    So is there anything new in this book? Any new insight or criticism, or is this just a travelogue of Moody?

  5. Is this a good first book on XML? on Inside XML · · Score: 1
    Is this a good starting point for XML, or are there better books?

    One problem with Slashdot's reviews is that they are driven by what the reviewer has read recently, not because the title is a new publication or a best of breed on a given topic.

    I think Slashdot could improve here.

  6. academic, theory, and engineering on Professor Describes Unbreakable Cryptosystem? · · Score: 1
    Rabin is an academic, and has proposed a theory which is provably secure. It is not an engineered software system, but academic paper-stuff.

    The system appears to have more to do with a key distribution method (protocol), rather than a new encryption algorithm, but this is based on the NY Times article, not the rigorous description, so I am not certain.

    One of the classic historical weaknesses in systems has been how to securely distribute the keys to all parties who want to communicate securely. This system is intended to address that troublesome problem.

    I hope this clarifies a few things for readers.