[Cryptography] Best AES candidate broken

Ryan Carboni ryacko at gmail.com
Sun Jul 5 15:59:10 EDT 2015


On Sun, Jul 5, 2015 at 1:11 AM, Brian Gladman <brg at gladman.plus.com> wrote:

> On 05/07/2015 06:34, Ryan Carboni wrote:
> >
> > On Sat, Jul 4, 2015 at 9:01 PM, Jerry Leichter <leichter at lrw.com
> > <mailto:leichter at lrw.com>> wrote:
> >
> >     On Jul 4, 2015, at 4:23 PM, Ryan Carboni <ryacko at gmail.com
> >     <mailto:ryacko at gmail.com>> wrote:
> >>     The best AES candidate,
> >     Clearly many of the best cryptographers out there disagreed with
> >     you, as it didn't make it to the final round - and there's been
> >     general agreement that the AES selection process was of extremely
> >     high quality.
> >
> >
> > Except there's one problem with that assertion... Rijndael is easily
> > broken by.... cache timing, differential power, and many other attacks.
> > The knowledge that those attacks could be used certainly was known
> > during the AES competition. [relevant page from Serpent submission
> > attached, will show up in the Metzdowd archives]
>
> But it is important to distinguish between algorithm failures and
> implementation failures.
>
> The fact that _some_ AES (or Rijndael) _implementations_ can be broken
> in _some_ usage scenarios does not mean that the algorithm itself is
> broken.
>
> All cryptographic algorithms are susceptible to failures that might be
> introduced by the way that they are implemented (although it is true
> that algorithm design can have a significant influence on the nature and
> impact of implementation weaknesses).
>
>

That is correct. This is why the NSA implements their cryptographic
algorithms on secure computer systems on a wide area network separate from
the internet.
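As an added illustration of the algorithm-versus-implementation distinction raised above (example code, not part of the thread or any poster's work): the Rijndael S-box computed by the usual table lookup, whose memory address is the secret byte, and by GF(2^8) arithmetic with a fixed operation sequence and no secret-dependent memory access. Function names are my own; the check values are the FIPS-197 ones.

```python
# Added example, not from the thread: the Rijndael S-box two ways.
# A table lookup indexed by a secret byte yields secret-dependent memory
# addresses, which is what cache-timing attacks on some AES implementations
# observe. The arithmetic form computes the same GF(2^8) inverse and affine
# map with a fixed sequence of operations and no secret-dependent access.

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8+x^4+x^3+x+1 (0x11B), branch-free."""
    p = 0
    for _ in range(8):
        p ^= a & -(b & 1)                    # add a when low bit of b is set
        carry = -((a >> 7) & 1)              # 0 or -1 (all ones), no branch
        a = ((a << 1) & 0xFF) ^ (0x1B & carry)
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """a^254 = a^-1 in GF(2^8); maps 0 to 0 as the S-box requires.
    The exponent is a public constant, so this branch depends on no secret."""
    r = 1
    for bit in range(7, -1, -1):             # square-and-multiply, fixed schedule
        r = gf_mul(r, r)
        if (254 >> bit) & 1:
            r = gf_mul(r, a)
    return r

def sbox_arith(x: int) -> int:
    """S-box by arithmetic: field inverse, then the FIPS-197 affine map."""
    b = gf_inv(x)
    s = b
    for k in range(1, 5):                    # b ^ rotl(b,1) ^ ... ^ rotl(b,4)
        s ^= ((b << k) | (b >> (8 - k))) & 0xFF
    return s ^ 0x63

# Conventional implementation: a 256-byte table (built here from the
# arithmetic form) indexed directly by the secret byte.
SBOX = bytes(sbox_arith(x) for x in range(256))

def sbox_table(x: int) -> int:
    return SBOX[x]                           # address depends on x, the secret

def forms_agree() -> bool:
    """Both forms are the same function: the algorithm is unchanged,
    only the implementation's access pattern differs."""
    return all(sbox_table(x) == sbox_arith(x) for x in range(256))
```

The arithmetic form shows the structure of the mitigation; a Python interpreter is not itself timing-neutral, so the pattern pays off in C or assembly rather than in this script.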