[Cryptography] Dan Bernstein has a new blog entry on key breaking

Ryan Carboni ryacko at gmail.com
Sat Nov 21 16:56:24 EST 2015


It's not a very valid argument; whenever someone contradicts themselves, I
take them less seriously. He ignores that each evaluation of an AES
plaintext-ciphertext pair to confirm usage under a key is a roughly linearly
increasing cost (particularly since key generation per round is technically
simpler than a single round encryption). Thus brute-forcing multiple secret
keys is not equal to brute-forcing a single secret key, no matter what he
says.

There are limited instances in which his argument is valid though... if
you're not using an initialization vector.

He then goes on to talk about computational costs of arithmetic versus
memory operations.