Re: [Cfrg] A little room for AES-192 in TLS?
Joan Daemen <jda@noekeon.org> Tue, 17 January 2017 18:28 UTC
Return-Path: <jda@noekeon.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D76CC127ABE for <cfrg@ietfa.amsl.com>; Tue, 17 Jan 2017 10:28:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.101
X-Spam-Level:
X-Spam-Status: No, score=-5.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-3.199, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k3qzEO1pBLBq for <cfrg@ietfa.amsl.com>; Tue, 17 Jan 2017 10:28:45 -0800 (PST)
Received: from ober.noekeon.org (ober.noekeon.org [91.134.133.203]) by ietfa.amsl.com (Postfix) with ESMTP id D3662129424 for <cfrg@irtf.org>; Tue, 17 Jan 2017 10:28:44 -0800 (PST)
Received: by ober.noekeon.org (Postfix, from userid 33) id 0B15222361; Tue, 17 Jan 2017 19:28:43 +0100 (CET)
To: cfrg@irtf.org
X-PHP-Originating-Script: 0:rcube.php
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Content-Transfer-Encoding: 7bit
Date: Tue, 17 Jan 2017 19:28:43 +0100
From: Joan Daemen <jda@noekeon.org>
Mail-Reply-To: jda@noekeon.org
In-Reply-To: <CAMm+Lwh05t6AMoRdgmMLZNsAVWAXxax84WOxMB8Cp_gBq5oZVA@mail.gmail.com>
References: <20170115205926.853FB60A6D@jupiter.mumble.net> <1484577818.5104.1.camel@quad> <D4A2A7CE.57FDF%john.mattsson@ericsson.com> <CABcZeBPGxT=9iiChy4PxD_zMHWcHU=AhCLoe7wEHHtryw2rfwg@mail.gmail.com> <D4A2B50D.7E040%kenny.paterson@rhul.ac.uk> <CAHOTMVJrHBn4AR7PCJ14xKYCVjdxF7SiswiOABX_g6A5gsQGDg@mail.gmail.com> <1484593651.5104.49.camel@quad> <1df3ba4212e44f9d8e3e6fabf8610cc0@usma1ex-dag1mb1.msg.corp.akamai.com> <1484662079.5135.49.camel@quad> <9d54608c721c465788a38e5cc8e8cac6@usma1ex-dag1mb1.msg.corp.akamai.com> <CACz1E9rZrso0184wiiK04UJnv4sBWZwtM2yYumha08Z-4n0=KQ@mail.gmail.com> <CAHOTMVLGoj7RPFQBTRu_d+kOoBfrKmi+CG+ityyW=x3G4t_AaQ@mail.gmail.com> <CAMm+Lwh05t6AMoRdgmMLZNsAVWAXxax84WOxMB8Cp_gBq5oZVA@mail.gmail.com>
Message-ID: <c185b3ee5008c559b1a42c5e298e0c74@mail.noekeon.org>
X-Sender: jda@noekeon.org
User-Agent: Roundcube Webmail/1.1.5
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/1TenINAC9ZSYRZfkNQaCw-m23UA>
Subject: Re: [Cfrg] A little room for AES-192 in TLS?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: jda@noekeon.org
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2017 18:28:47 -0000
Dear all, the related-key attacks against AES were interesting from an academic point of view as they broke the security claim we made for Rijndael. However, the attacks require very sophisticated manipulations of the secret key by the attacker. For example, even a protocol that would allow an attacker to add (or XOR) a value of her choice to the key before being used in AES would not allow mounting the attack. If you are interested, you can read the paper Vincent and I wrote "On the related-key attacks against AES" available at e.g. http://jda.noekeon.org/ As for including AES-192 in TLS, I don't see any benefits. Kind regards, Joan Daemen
- [Cfrg] A little room for AES-192 in TLS? Leonard den Ottolander
- Re: [Cfrg] A little room for AES-192 in TLS? Taylor R Campbell
- Re: [Cfrg] A little room for AES-192 in TLS? Leonard den Ottolander
- Re: [Cfrg] A little room for AES-192 in TLS? Taylor R Campbell
- Re: [Cfrg] A little room for AES-192 in TLS? Leonard den Ottolander
- Re: [Cfrg] A little room for AES-192 in TLS? John Mattsson
- Re: [Cfrg] A little room for AES-192 in TLS? Eric Rescorla
- Re: [Cfrg] A little room for AES-192 in TLS? Paterson, Kenny
- Re: [Cfrg] A little room for AES-192 in TLS? Stanislav V. Smyshlyaev
- Re: [Cfrg] A little room for AES-192 in TLS? Tony Arcieri
- Re: [Cfrg] A little room for AES-192 in TLS? Leonard den Ottolander
- Re: [Cfrg] A little room for AES-192 in TLS? Ilari Liusvaara
- Re: [Cfrg] A little room for AES-192 in TLS? Salz, Rich
- Re: [Cfrg] A little room for AES-192 in TLS? John Mattsson
- Re: [Cfrg] A little room for AES-192 in TLS? Tony Arcieri
- Re: [Cfrg] A little room for AES-192 in TLS? Leonard den Ottolander
- Re: [Cfrg] A little room for AES-192 in TLS? Salz, Rich
- Re: [Cfrg] A little room for AES-192 in TLS? Yoav Nir
- Re: [Cfrg] A little room for AES-192 in TLS? William Whyte
- Re: [Cfrg] A little room for AES-192 in TLS? Tony Arcieri
- Re: [Cfrg] A little room for AES-192 in TLS? Phillip Hallam-Baker
- Re: [Cfrg] A little room for AES-192 in TLS? Ted Krovetz
- Re: [Cfrg] A little room for AES-192 in TLS? Joan Daemen
- Re: [Cfrg] A little room for AES-192 in TLS? Leonard den Ottolander
- Re: [Cfrg] A little room for AES-192 in TLS? Phillip Hallam-Baker
- Re: [Cfrg] A little room for AES-192 in TLS? Leonard den Ottolander
- Re: [Cfrg] A little room for AES-192 in TLS? Phillip Hallam-Baker
- Re: [Cfrg] A little room for AES-192 in TLS? Paterson, Kenny