
Re: AES draft query



Paul Hoffman <paul.hoffman@vpnc.org> writes:
> At 03:54 PM 3/17/00 -0800, John Harleman wrote:
> >absolutely correct. but there is also 2 key 3des. as schneier and whiting
> >recently pointed out:
> >
> >http://www.counterpane.com/aes-comparison.html
> >
> >key size is increased at the cost of performance with all AES candidates.
> >So why would one use larger strength AES algorithms without using the
> >corresponding strength with public-key? cheers - john
> 
> There could be many reasons. Some might include:
> - due to your hardware accelerator, 128->256 AES might only cost you 50% 
> more time but the corresponding increase in public key might cost you 200%
> - the other party only offered you one AES length but many acceptable 
> choices for public key lengths
> There are probably others. The baseline decision is "are both the symmetric 
> and asymmetric keys strong enough for what I want?" If the answer is yes, 
> it does not matter if there is a mismatch in strength.

I disagree with this position, for two reasons:

1. It's inefficient from a design perspective. Why incur additional
performance costs if they don't add any security value? Even
if the cost is only 50%, why pay it if it's not adding anything?

2. It's very confusing to users, who expect security to increase
with increasing key size. 

-Ekr



