Re: [TLS] Comparative cipher suite strengths

Bill Frantz <frantz@pwpconsult.com> Fri, 01 May 2009 01:54 UTC

Date: Thu, 30 Apr 2009 18:56:35 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: tls@ietf.org
In-Reply-To: <20090423185550.GW1500@Sun.COM>
Message-ID: <r02010500-1049-4DA06D4F35F311DE824F0030658F0F64@[192.168.1.5]>

Nicolas.Williams@sun.com (Nicolas Williams) on Thursday, April 23, 2009 wrote:

>The more likely explanation is that *some* imaginable
>cryptanalytic advances could reduce the effective strength of AES in
>such a way that longer keys remain more secure than shorter keys.

When I think of the reasons that NSA/DOD could have for requiring AES-128
for secret and AES-192 for top secret, I think they may be looking at the
whole cryptographic system. While symmetric cyphers have some solid math
behind them, other parts of the system, such as generating random numbers
for the keys, are frequently more akin to black magic.

If my random numbers were only 75% random against some attack, with AES-192
I would still have 128 bits of strength against a brute force attack. With
AES-128, I'd only have 96 bits, and I would be quite concerned when
protecting top secret data.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"After all, if the conventional wisdom was working, the
408-356-8506       | rate of systems being compromised would be going down,
www.periwinkle.com | wouldn't it?" -- Marcus Ranum