[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-crypto
Subject:    RE: Announce loop-AES-v1.3b file crypto package
From:       "IT3 Stuart B. Tener, USNR-R" <stuart () bh90210 ! net>
Date:       2001-07-12 3:44:26
[Download RAW message or body]

Mr. Touloumtzis:

	I am sorry I misunderstood you, it just did not really seem clear to me,
thank you for your clarification.

	After having read Mr. Harris' reply to my commentary, I plan to implement
an AES-256bit encryption technology for use with my files and encryption of
logon and other areas.

	However, if I choose a pass phrase, say five randomly chosen words (five to
seven characters each) preceded by a random number in each case, then do you
perceive that AES would be fast enough to not inhibit the use of the
computer for doing normal work when applied against a file placed on an
already existent filesystem?


Very Respectfully,

Stuart Blake Tener, IT3, USNR-R, N3GWG
Beverly Hills, California
VTU 1904G (Volunteer Training Unit)
stuart@bh90210.net
west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043
east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859

Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's
free!)

JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL.

Wednesday, July 11, 2001 8:35 PM

 -----Original Message-----
From: 	owner-linux-crypto@nl.linux.org
[mailto:owner-linux-crypto@nl.linux.org]  On Behalf Of Mike Touloumtzis
Sent:	Wednesday, July 11, 2001 7:51 PM
To:	linux-crypto@nl.linux.org
Subject:	Re: Announce loop-AES-v1.3b file crypto package

On Wed, Jul 11, 2001 at 06:57:40PM -0700, IT3 Stuart B. Tener, USNR-R wrote:
>
> As well in paragraph three of your reply you state "AES is not needed
> because 3DES is insecure; it's needed mainly because 3DES is _slow_,
> especially in software." This statement appears to absolutely make little
> sense. First of all if 3DES is insecure as you state, why are you the only
> person saying so? As well, if we give you the benefit of the doubt and
> presume for the moment (and I disagree) that 3DES is insecure, why does
that
> make AES "not needed"!?! If 3DES is insecure, from my purview, it would
make
> AES MORE NEEDED!?!?! You then go on to state that AES is needed because
3DES
> is slow in software, but 3DES runs independently of AES, and there two (as
I
> understand) are separate algorithms. Hmm, guess I really didn't get you on
> that one.

You misunderstand me.  "AES is not needed because 3DES is insecure"
should be read as "3DES is still considered secure, so insecurity
of the current standard is not the reason for the AES process".

3DES is in fact a very safe choice if you don't care about speed
or smartcard/tamper-resistant implementations; it has withstood a
much longer period of public scrutiny than AES.

miket

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

[prev in list] [next in list] [prev in thread] [next in thread]