Re: [TLS] Comparative cipher suite strengths

Dean Anderson <dean@av8.com> Thu, 23 April 2009 20:23 UTC

Date: Thu, 23 Apr 2009 16:24:35 -0400
From: Dean Anderson <dean@av8.com>
X-X-Sender: dean@citation2.av8.net
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
In-Reply-To: <20090423150515.1b202723@cs.columbia.edu>
Message-ID: <Pine.LNX.4.44.0904231611550.3831-100000@citation2.av8.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Comparative cipher suite strengths

On Thu, 23 Apr 2009, Steven M. Bellovin wrote:

> One more point: NSA may or may not be able to speak ex cathedra on
> strength; we'll never know.  They have said publicly that they trust
> 256-bit AES a lot, and a lot more than they trust 128-bit AES.  That
> statement is *completely* unprecedented.

What's classified top secret is itself classified; and as I understand
it, so is the storage and handling of top secret materials, so I think
they shouldn't have disclosed that AES256 is suitable for top secret because
that fact should be a secret that should only be known to people with
top secret clearance who handled top secret data.  Identifying the
cipher in use is part of the cryptanalysis problem, and they shouldn't
make that any easier; someone wasn't thinking.

> The really interesting question is this: what will NSA ever do, if
> they ever figure out how to crack AES-256?  Officially decertify it
> for TS use, thereby telling the world they think it's no longer that
> strong?

Easy, they can tell the top secret world that they have a better cipher,
which doesn't mean AES-256 is insecure, but only that the new cipher is
stronger.

		--Dean


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000