At 01:44 PM 10/10/00 -0400, Arnold G. Reinhold wrote:
Thanks for the summary. My only problem with Rijndael is that it is still rather young. I recall reading that NSA takes seven years to qualify a new cipher. It took at least that long for the open cryptographic community to trust DES. If someone asked me what cipher to use today in a new, very high value application, I would have a hard time choosing between Rijndael and 3DES. Rijndael appears to be a far superior design, but 3DES has enjoyed a lot more scrutiny.
I was thinking it might be useful to define a "Paranoid Encryption Standard (PES)" that is a concatenation of all five AES finalists, applied in alphabetical order, all with the same key (128-bit or 256-bit). ...
To be truly paranoid, shouldn't you use independent, unrelated keys? What if the "outermost" cipher falls to an attack that allows the key to be computed, thus allowing the same key to be plugged into all the "inner" ciphers? To put this suggestion into perspective, consider that in the real world, pure cipher strength is rarely the weakest link in the security chain, provided that a reasonable key length and cipher are chosen. Having done that, go for it if you still think you can afford the extra time, space, and key management with (probably) no measurable increase in overall system security. _______ Michael Paul Johnson mpj@eBible.org http://ebible.org/mpj