Re: Incorporation of AES into IPSec

["John Harleman" <jharleman@certicom.com>]

estimating the strength of an algorithm depends on the best known attack. when i
say 80-bits of symmetric, i mean a symmetric algorithm that the best known
attacks are exponential and thus, it provides a true 80-bits of key strength. on
the public-key side, the best known attacks against rsa and diffie-hellman are
subexponential and based upon calculations, one can determine approximate time
to break (see the paper). this is not an exact science, but an approximation
when matching the time it takes to break one with the time it takes to break the
other. thus the circa. cheers - john





jerome@psti.com on 06.12.1999 11:34:30

Please respond to jerome@psti.com

To:   John Harleman/Certicom@Certicom
cc:
Subject:  Re: Incorporation of AES into IPSec




On Mon, Dec 06, 1999 at 08:56:40AM -0800, John Harleman wrote:
> aes will have speed and key size scalability over 3des. 3 key 3des provides
> 168-bits of symmetric privacy. aes will provide between 128-256-bits, but with
a
> considerable speed advantage. both are extremely strong, but it doesn't really
> matter given that a 1,024-bit diffie-hellman is often used to negotiate the
> keys. 1,024-bit diffie-hellman or rsa is the equivalent of circa 80-bits of
> symmetric. i will email you a paper separately. cheers - john

what do you call a circa 80bits of symmetric ? especially "circa"

---

• Prev by Date: RE: IPSec SA DELETE in "dangling" implementation
• Next by Date: Re: Incorporation of AES into IPSec
• Prev by thread: Re: Incorporation of AES into IPSec
• Next by thread: Re: Incorporation of AES into IPSec
• Index(es):
  • Main
  • Thread