[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: AES draft query

To: ipsec@lists.tislabs.com
Subject: RE: AES draft query
From: Paul Hoffman <paul.hoffman@vpnc.org>
Date: Fri, 17 Mar 2000 19:14:43 -0800
In-Reply-To: <852568A5.0083390E.00@smtpmail.certicom.com>
Sender: owner-ipsec@lists.tislabs.com

At 03:54 PM 3/17/00 -0800, John Harleman wrote:
>absolutely correct. but there is also 2 key 3des. as schneier and whiting
>recently pointed out:
>
>http://www.counterpane.com/aes-comparison.html
>
>key size is increased at the cost of performance with all AES canidates. 
>So why
>would one use larger strength AES algorithms without using the corresponding
>strength with public-key? cheers - john

There could be many reasons. Some might include:
- due to your hardware accelerator, 128->256 AES might only cost you 50% 
more time but the corresponding increase in public key might cost you 200%
- the other party only offered you one AES length but many acceptable 
choices for public key lengths
There are probably others. The baseline decision is "are both the symmetric 
and asymmetric keys strong enough for what I want?" If the answer is yes, 
it does not matter if there is a mismatch in strength.

--Paul Hoffman, Director
--VPN Consortium

Follow-Ups:

Re: AES draft query

From: EKR <ekr@rtfm.com>

RE: AES draft query

From: Paul Koning <pkoning@xedia.com>

References:

RE: AES draft query

From: "John Harleman" <jharleman@certicom.com>

Prev by Date: RE: Heartbeats draft available
Next by Date: Re: Announcing X-Bone VPN/overlay software release
Prev by thread: RE: AES draft query
Next by thread: Re: AES draft query
Index(es):
- Main
- Thread