[Cryptography] CFB/OFB/CTR mode with HMAC for key stream

Ben Laurie ben at links.org
Sat May 6 17:43:52 EDT 2017

On 6 May 2017 at 14:47, Markus Ottela via cryptography
<cryptography at metzdowd.com> wrote:
> I'm not entirely sure why three layers of AES256 are more secure than one.
> If the algorithm is not secure (meaning there is a method to break it in
> polynomial time), wouldn't the amount of security only increase by
> three-fold?


Say breaking AES is k^n (where k is whatever your time is a polynomial
of :-)). Breaking triple-AES is k^2n (+storage), which is quite a lot
more than three-fold, unless n or k are very small.

More information about the cryptography mailing list