[8005] in cryptography@c2.net mail archive
256-bit keys (was Re: Paranoid Encryption Standard)
daemon@ATHENA.MIT.EDU (Paul Crowley)
Fri Oct 27 00:07:56 2000
To: John Kelsey <kelsey.j@ix.netcom.com>
Cc: "Arnold G. Reinhold" <reinhold@world.std.com>,
Vin McLellan <vin@shore.net>, cryptography@c2.net,
cypherpunks@cyberpass.net
From: Paul Crowley <paul@cluefactory.org.uk>
Date: 25 Oct 2000 10:58:46 +0100
In-Reply-To: John Kelsey's message of "Mon, 23 Oct 2000 14:31:08 -0400"
Message-ID: <874s21z1gp.fsf_-_@hedonism.subnet.hedonism.cluefactory.org.uk>
John Kelsey <kelsey.j@ix.netcom.com> writes:
> Probably not too much, in terms of worrying about
> known-plaintext vs. chosen-plaintext attacks. Though
> honestly, I think designing your PES is like providing
> really effective padlocks for screen doors. (But you could
> say the same thing about AES with 256-bit keys.)
I agree on both counts. But I can see another use for larger keys
than resisting brute force attack: they increase the difficulty of
attacks on protocols and constructions based on inducing collisions in
keys.
--
__
\/ o\ paul@cluefactory.org.uk
/\__/ http://www.cluefactory.org.uk/paul/
