[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-crypto
Subject:    Re: aes again
From:       Marc Mutz <Marc () Mutz ! com>
Date:       2001-12-13 22:24:13
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 13 December 2001 23:01, Newsmail wrote:
> ok, I understand, but could you explain the difference maybe in speed
> or security between aes256 and aes128?
<snip>

Well, aes256's key is 2x as long as aes128's. There are some minor 
changes in the way the cipher is calculated, IIRC, but that's not going 
to increase or decreases security.

Just the key is 2x as long, which means that a brute-force attack is 
even more unlikely to succeed (even with 128 bits and the billionfold 
computing power of all processors on earth it will take you the 
multiple age of the universe to search a 128 bits keyspace). And don't 
come up with the old argument about processors getting faster all the 
time. Search for 12GHz in this list's archive to see that there are 
physics limits to the upper computing power of the universe and a 
256bit key is well over which can safely deemed possible in the next 
hundred years.

Note, however that you'd had to type a 200 character (english text) 
passphrase to actually use this keyspace. For 128bit keys you already 
have to type in a 100 char english, 32 char random hexadecimal or 22 
random base64-chars passphrase. And I mean random in the sense of 
/dev/random, not as in "ape and keyboard"...

> >Just use AES128 encryption type, and loop-AES will use AES-128

ACK.

Marc

- -- 
The DMCA is unconstitutional, but they don't care. Until it's ruled
unconstitutional, they've won. If they can scare software companies,
ISPs, programmers, and T-shirt manufacturers [...] into submission,
they've won for another day. The entertainment industry is fighting a
holding action, and fear, uncertainty, and doubt are their weapons. We
need to win this, and we need to win it quickly. Every day we don't
win is a loss.                 -- Bruce Schneier, Crypto-Gram Aug 2001
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8GSqN3oWD+L2/6DgRAoWlAJ9ttaXqejGE0jVFeuunfe7/3ZMiUwCg9b3E
qY0Fug3oJPCzKu+1mD9nP+U=
=KY8e
-----END PGP SIGNATURE-----

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

[prev in list] [next in list] [prev in thread] [next in thread]