[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

>>>>> "Yoav" == Yoav Nir <ynir@CheckPoint.com> writes:

 Yoav> Why not make the requirement about effective strength?  That
 Yoav> way, if ever it turns out that AES_128 can be broken in 2**90
 Yoav> steps, it automatically becomes a SHOULD NOT.

That idea is somewhat appealing, but how would you define effective
strength?  There's memory, there's precomputation, and there's the
subsequent computation for the attack.  All three parts matter.  (If
you omit precomputation and memory, then all block ciphers have
strength 1...)