[8007] in cryptography@c2.net mail archive
Re: Paranoid Encryption Standard (was Re: Rijndael & Hitachi)
daemon@ATHENA.MIT.EDU (Ed Gerck)
Fri Oct 27 11:48:49 2000
Message-ID: <39F913B3.8E1D50E2@nma.com>
Date: Thu, 26 Oct 2000 22:33:39 -0700
From: Ed Gerck <egerck@nma.com>
To: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: John Kelsey <kelsey.j@ix.netcom.com>, Bram Cohen <bram@gawth.com>,
cryptography@c2.net, cypherpunks@cyberpass.net

"Arnold G. Reinhold" wrote:
> At 2:14 PM -0700 10/20/2000, Bram Cohen wrote:
> >This is just silly. There's nothing wrong with Rijndael.
> ...
> Testing is the most expensive part of any new cipher effort. So I
> think there is a practical basis for at least asking if there is a
> simple way to combine the AES finalists and take advantage of all the
> testing that each has already undergone. And, IMHO, it is an
> interesting theoretical question as well. Even if the answer is
> "yes," I am not advocating that it be used in most common
> applications, e.g. network security, because there are so many greater
> risks to be dealt with. But it might make sense in some narrow, high
> value, applications.

...which should then use OTPs, no? The whole point of AES was a combination
of efficiency versus security. Otherwise, just use TripleDES.

Getting Rijndael in use, out on its own, is the best way to verify whether it
works well -- as efficiently and as securely as desired. This is the way to gain
confidence, by testing. Trust is earned.

Cheers,
Ed Gerck