Re: [Cfrg] matching AES security
"Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> Wed, 30 July 2014 23:08 UTC
Return-Path: <prvs=32887b111f=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 268021A01E5 for <cfrg@ietfa.amsl.com>; Wed, 30 Jul 2014 16:08:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PWUimOsG9ZXg for <cfrg@ietfa.amsl.com>; Wed, 30 Jul 2014 16:08:54 -0700 (PDT)
Received: from mx2.ll.mit.edu (MX2.LL.MIT.EDU [129.55.12.46]) by ietfa.amsl.com (Postfix) with ESMTP id EF1FB1A00B8 for <cfrg@irtf.org>; Wed, 30 Jul 2014 16:08:53 -0700 (PDT)
Received: from LLE2K10-HUB01.mitll.ad.local (LLE2K10-HUB01.mitll.ad.local) by mx2.ll.mit.edu (unknown) with ESMTP id s6UN86ER007756; Wed, 30 Jul 2014 19:08:40 -0400
From: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>
To: Nico Williams <nico@cryptonector.com>, Robert Moskowitz <rgm-sec@htt-consult.com>
Thread-Topic: [Cfrg] matching AES security
Thread-Index: AQHPq/wCacsPipZEQE6PjxUstHqztJu46fSAgACO8AD//8V+AA==
Date: Wed, 30 Jul 2014 23:08:34 +0000
Message-ID: <CFFEEC4B.182BF%uri@ll.mit.edu>
References: <20140730123336.29011.qmail@cr.yp.to> <53D8FBDB.4060601@htt-consult.com> <CAK3OfOjxSsxc95i6UVn3oW_Kdz3R92OUpGSmdfO=yFXnTpGvZQ@mail.gmail.com>
In-Reply-To: <CAK3OfOjxSsxc95i6UVn3oW_Kdz3R92OUpGSmdfO=yFXnTpGvZQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.3.140616
x-originating-ip: [172.25.177.187]
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3489592110_11782786"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.12.52, 1.0.14, 0.0.0000 definitions=2014-07-30_07:2014-07-30,2014-07-30,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1407300257
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/ykAFVsPiZY6IALsds1O5wmS92lo
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] matching AES security
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jul 2014 23:08:56 -0000
>>Please explain what typical device will use at least one new key every
>> minute?
>
>Er, well, smartphone apps might well poll/get pushed to that
>frequently, altogether, with a new key per-poll/push. Sure, the
>protocol involved might not generate a new key per-event, but if the
>protocol is TLS, then it will.
Maybe... A good argument to avoid TLS. :-)
>DJB's point is that we should permit "odd" match-ups like AES-256 and
>Curve25519 _because_ AES-128 is weak in plausible scenarios.
^^^^^^^^^ :-)
There already are such "odd" match-ups, and I guess the trend is here to
stay.
But to do it because of attackers "getting _all_ of your 2^50 keys with
2^128 easy (sic!) computations"? (I guess you could convince about half of
the existing atoms in the Universe to do one computation for you, and
maybe store the result. But lookups would have to be extra! :).
>I'm having a hard time objecting to that!
:-)
- [Cfrg] matching AES security D. J. Bernstein
- Re: [Cfrg] matching AES security Robert Moskowitz
- Re: [Cfrg] matching AES security Natanael
- Re: [Cfrg] matching AES security Tanja Lange
- Re: [Cfrg] matching AES security Paul Lambert
- Re: [Cfrg] matching AES security Benjamin Black
- Re: [Cfrg] matching AES security Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] matching AES security Phillip Hallam-Baker
- Re: [Cfrg] matching AES security Watson Ladd
- Re: [Cfrg] matching AES security Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] matching AES security Michael Hamburg
- Re: [Cfrg] matching AES security Andrey Jivsov
- Re: [Cfrg] matching AES security Andy Lutomirski
- Re: [Cfrg] matching AES security Andy Lutomirski
- Re: [Cfrg] matching AES security Michael Hamburg
- Re: [Cfrg] matching AES security Sandy Harris
- Re: [Cfrg] matching AES security James Cloos
- Re: [Cfrg] matching AES security Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] matching AES security Nico Williams
- Re: [Cfrg] matching AES security Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] matching AES security Phillip Hallam-Baker
- Re: [Cfrg] matching AES security Watson Ladd
- Re: [Cfrg] matching AES security Johannes Merkle
- Re: [Cfrg] matching AES security Robert Moskowitz
- Re: [Cfrg] matching AES security Brian Smith
- Re: [Cfrg] matching AES security Peter Gutmann
- Re: [Cfrg] matching AES security Andrey Jivsov
- Re: [Cfrg] matching AES security Watson Ladd
- Re: [Cfrg] matching AES security Alex Elsayed
- Re: [Cfrg] matching AES security Peter Gutmann
- Re: [Cfrg] matching AES security Alyssa Rowan
- Re: [Cfrg] matching AES security Phillip Hallam-Baker
- Re: [Cfrg] matching AES security Dan Brown
- Re: [Cfrg] matching AES security Dan Harkins
- Re: [Cfrg] matching AES security Ilari Liusvaara
- Re: [Cfrg] matching AES security D. J. Bernstein