[Cryptography] Wi-Fi WPA3 announced

Phillip Hallam-Baker phill at hallambaker.com
Thu Jun 28 14:20:48 EDT 2018


On Wed, Jun 27, 2018 at 8:49 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> Natanael <natanael.l at gmail.com> writes:
>
> >Notable new features:
>
> Another interesting feature is the fact that this may be the first encryption
> system that goes to 10 1/2:
>
>   "offers the equivalent of 192-bit cryptographic strength"
>
> Since 128 bits is the benchmark 10 and going to 11 is 256 bits for when you
> really need that factor of 340,282,366,920,938,463,463,374,607,431,768,211,456
> extra safety margin, this one goes to 10 1/2.
>
> Peter.
>

There is a good argument to be made for 256 and 128 bits. I have never
seen a good case for 192.

The case for 128 is that it is the bare minimum required to make the brute
force work factor infeasible on traditional machines. The case for 256 bits
is that it provides a safety margin for quantum resistance.

The number of rounds is 10, 12 and 14 for 128, 192 and 256 bit keys. At an
RSA, Adi Shamir suggested that NIST increase the number of rounds in 128
bit AES to provide something of a safety margin. Which is why I always use
256 for my work.

I cannot imagine anyone using a quantum computer to break link layer
encryption (which is what WPA3 is) but then neither can I imagine the range
of uses and abuses people will put WPA3 to.

I would have gone to 11. Even on the smallest devices, I don't know of a
situation where 128 bit AES is acceptable but 256 is not. I know plenty of
cases where AES won't work at all but none so close to the edge that 40%
extra time is significant.