Strong Encryption

Dries Schellekens gwyllion at ace.ulyssis.org
Sat Jul 10 01:30:12 EST 2004


On Fri, 9 Jul 2004, Dan Kaminsky wrote:

> >The best possible attack is exhaustive key search. Differential and linear
> >cryptanalysis have a lower complexity (than a brute force attack) only in
> >case of a reduced round version of AES. Yes, there is/was a lot of hype
> >regarding algebraic attacks, but finally it has been proven that they
> >don't work :-)
>
> Were the algebraic attacks formally disproven?  (This would be a nice
> thing.)

Algebraic attacks are in theory possible. But the algorithms proposed by
Courtois and others, XL and XSL, are broken. There will be proofs that the
complexity of these algorithms is not subexponential (which was claimed by
Courtois).

A colleague of mine has reviewed a number of papers (by different authors)
for some upcoming crypto conferences which prove other bounds for the
complexity.

Recently I saw a presentation by Claus Diem, a German mathematician,
proving that the XL algorithm doesn't pose any danger for the AES
algorithm.

> >The preferred encryption method is the counter mode CTR. CBC has some
> >small weaknesses; I personally don't consider them that severe.
> >
> >
> Given that SSH operates over TCP and thus has perfect record ordering
> and reconstruction, the advantages of CTR aren't nearly as great.  I'm
> open to being corrected on this assertion, though :-)

http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-02.txt
especially 5.2 Encryption Method Considerations


Cheers,

Dries
-- 
Dries Schellekens
email: gwyllion at ulyssis.org
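The counter-mode construction that the draft linked above describes, as an added example that is not part of this thread or of OpenSSH: the counter block starts at the IV from key exchange, is incremented modulo 2^L as a big-endian integer after every block, and is never reset between packets, so the receiver only stays in sync if it sees every packet in order (the property Kaminsky's remark about TCP rests on). The AES block encryption is replaced by an HMAC-SHA256 stand-in (an assumption so the script runs with the standard library only), and the key, IV and packets are constructed samples.

```python
import hmac
import hashlib

BLOCK = 16  # cipher block size in bytes (L = 128 bits), as for AES

def keystream_block(key: bytes, counter: bytes) -> bytes:
    """Stand-in for E_K(X). The draft applies the AES block cipher to the
    counter block; HMAC-SHA256 truncated to one block is used here instead
    so the script needs no third-party library. This is NOT AES."""
    return hmac.new(key, counter, hashlib.sha256).digest()[:BLOCK]

def increment(counter: bytes) -> bytes:
    """X <- X + 1 mod 2^L, the block read as a big-endian unsigned integer."""
    n = (int.from_bytes(counter, "big") + 1) % (1 << (8 * BLOCK))
    return n.to_bytes(BLOCK, "big")

class CtrStream:
    """One direction of an SSH-style CTR stream: the counter starts at the
    IV and is never reset between packets."""

    def __init__(self, key: bytes, iv: bytes) -> None:
        self.key = key
        self.counter = iv

    def process(self, data: bytes) -> bytes:
        """Encrypt or decrypt (same operation: XOR with the keystream)."""
        out = bytearray()
        for i in range(0, len(data), BLOCK):
            ks = keystream_block(self.key, self.counter)
            self.counter = increment(self.counter)  # advance for next block
            out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
        return bytes(out)

def demo() -> dict:
    """Constructed sample traffic: two block-padded packets sent in a row."""
    key = b"constructed-sample-key-not-real!"   # constructed, not a real key
    iv = b"\xff" * BLOCK                         # constructed; forces the wrap
    pkt1 = b"first packet, 32 bytes of data!!"   # 2 blocks
    pkt2 = b"second packet!!!"                   # 1 block
    sender = CtrStream(key, iv)
    c1, c2 = sender.process(pkt1), sender.process(pkt2)
    # A receiver that sees both packets in order stays in counter sync.
    in_order = CtrStream(key, iv)
    ok1, ok2 = in_order.process(c1) == pkt1, in_order.process(c2) == pkt2
    # A receiver that missed packet 1 never advanced its counter, so it
    # applies the wrong keystream to packet 2 and gets garbage, not pkt2.
    lost_one = CtrStream(key, iv)
    desync = lost_one.process(c2) == pkt2
    return {"in_order": ok1 and ok2, "after_loss": desync}
```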
