[Cryptography] Dumb question -> 3AES?
Sandy Harris
sandyinchina at gmail.com
Thu Aug 14 15:38:16 EDT 2014
Dan McDonald <danmcd at kebe.com> wrote:

> Diffie's EDE algorithm for a block cipher would apply to AES, correct?

Yes.

> Apart from "further pounding the rubble", is there any reason one couldn't
> (or shouldn't) consider 3AES for, say, long-term offline storage encryption?

Sure, but there may be better alternatives.

Another post suggests AES-X, which is much cheaper; so is AES-256.
Either is secure against brute force and the Even-Mansour paper and
various follow-ups show that a whitened construction is secure against
a broader range of attacks.

The reason double DES is ineffective & 3DES only gives 112-bit
security is a meet-in-the-middle attack. That attack depends on
the two parts using different keys. Construct a big key schedule
that keys both parts from the same base key and doubling is
safe. AES-128 has ten rounds & 11 round keys, AES-256 14
& 15. Another AES candidate, Serpent, used 32 rounds so its
key schedule would give enough keys for a safe double AES.

My Enchilada paper suggests combining AES with the ChaCha
stream cipher, and argues that this is highly secure:
http://competitions.cr.yp.to/round1/enchiladav11.pdf
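
The meet-in-the-middle attack mentioned in the message above, as an added example that is not part of the original post: double encryption under two independent 10-bit keys is recovered with about 2^11 cipher calls plus a table, instead of the 2^20 an exhaustive search over both keys would need. The 16-bit toy cipher, its constants, the keys and the plaintexts are all constructed for this illustration.

```python
# Added illustration: meet-in-the-middle on a double-encrypted TOY cipher.
# The cipher, key size, keys and plaintexts are constructed for this example.
MASK = 0xFFFF                      # 16-bit block
KEY_BITS = 10                      # toy key size: 1024 keys per half
MUL = 0x6487                       # odd multiplier, invertible mod 2**16
MUL_INV = pow(MUL, -1, 1 << 16)    # modular inverse (Python 3.8+)

def rotl(x, r): return ((x << r) | (x >> (16 - r))) & MASK
def rotr(x, r): return ((x >> r) | (x << (16 - r))) & MASK

def enc(k, x):
    for r in range(4):
        x = (x + k + r) & MASK
        x = (x * MUL) & MASK
        x = rotl(x, 5) ^ k
    return x

def dec(k, y):
    for r in reversed(range(4)):
        y = rotr(y ^ k, 5)
        y = (y * MUL_INV) & MASK
        y = (y - k - r) & MASK
    return y

def double_enc(k1, k2, x): return enc(k2, enc(k1, x))

def meet_in_the_middle(pairs):
    """Return (k1, k2) candidates consistent with known plaintext/ciphertext pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}
    for k1 in range(1 << KEY_BITS):            # forward half: 2**10 encryptions
        table.setdefault(enc(k1, p0), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):            # backward half: 2**10 decryptions
        for k1 in table.get(dec(k2, c0), []):
            # a middle-value match is only a candidate; confirm on other pairs
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found

def demo():
    k1, k2 = 0x2A7, 0x13C                      # constructed secret keys
    pairs = [(p, double_enc(k1, k2, p)) for p in (0x0001, 0xBEEF, 0x1234)]
    return (k1, k2), meet_in_the_middle(pairs)

if __name__ == "__main__":
    secret, found = demo()
    print("secret:", secret, "recovered:", found)
```
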