Strong Encryption

[Dries Schellekens]

On Thu, 8 Jul 2004, Lawrence Bowie wrote:

> Strongest aes-256 (possible attacks on it are differential and linear
> crytanalysis)

The best possible attack is exhaustive key search. Differential and linear
cryptanalysis have a lower complexity (than a brute force attack) only in
case of a reduced round version of AES. Yes, there is/was a lot of hype
regarding algebraic attacks, but finally it has been proven that they
don't work :-)

> or even 3des (because there are known attacks on it becauseit E(E(E(M))),
> M being the plaintext and E being the encryption function) but they are
> slower

3DES is EDE (encrypt-decrypt-encrypt) with 3 keys. This encryption
algorithm should not be used as it is much slower than AES and provides no
extra security over AES-192 and AES-256.

> ...Fastest blowfish

Ben already said RC4 is the fastest encryption algorithm supported by SSH,
but it has some cryptographic weaknesses.


The preferred encryption method is the counter mode CTR. CBC has some
small weaknesses; I personally don't consider them that severe.



Cheers,

Dries
-- 
Dries Schellekens
email: gwyllion at ulyssis.org