At 01:44 PM 10/10/00 -0400, Arnold G. Reinhold wrote:
>Thanks for the summary. My only problem with Rijndael is that it is still rather
>young. I recall reading that NSA takes seven years to qualify a new cipher. It took
>at least that long for the open cryptographic community to trust DES. If someone
>asked me what cipher to use today in a new, very high value application, I would have
>a hard time choosing between Rijndael and 3DES. Rijndael appears to be a far superior
>design, but 3DES has enjoyed a lot more scrutiny.
>
>I was thinking it might be useful to define a "Paranoid Encryption Standard (PES)"
>that is a concatenation of all five AES finalists, applied in alphabetical order, all
>with the same key (128-bit or 256-bit). ...
To be truly paranoid, shouldn't you use independent, unrelated keys? What if the
"outermost" cipher falls to an attack that allows the key to be computed, thus
allowing the same key to be plugged into all the "inner" ciphers?
To put this suggestion into perspective, consider that in the real world, pure cipher
strength is rarely the weakest link in the security chain, provided that a reasonable
key length and cipher are chosen. Having done that, go for it if you still think you
can afford the extra time, space, and key management with (probably) no measurable
increase in overall system security.
_______
Michael Paul Johnson
[EMAIL PROTECTED] http://ebible.org/mpj
