BS himself went through the AES ciphers in the latest cryptogram. http://www.counterpane.com/crypto-gram-0004.html
The pro-twofish slant is expected, I guess, but he does note that 7 out of 14 rounds on Rijndael have been broken, and says he would only recommend it with 18 rounds. Rijndael is fast in both hardware as well as software, which I guess is important for AES (not that I have a clue what they value), but unlikely to matter for us. On Thu, 27 Apr 2000, hal at finney.org wrote: > As far as ciphers go, the new US government standard cipher, called > AES, will be announced later this year. Whatever cipher we use now, > we should probably plan on switching to AES. Information on the ciphers > and timetable is available at http://csrc.nist.gov/encryption/aes/. > > Five final candidate ciphers have been chosen. Based on discussion on > sci.crypt and some communication I have had with the participants, there > is no clear front runner. However there is some feeling that a Dutch > cipher called Rijndael (pronounced rain-dahl) may have a slight edge, > perhaps with a boost to the number of internal data transformation rounds. > > Rijndael is fast, flexible, and looks strong. At the recent AES3 > conference, each submitting team was asked which cipher they would > support if their own weren't chosen, and Rijndael was the favorite, > according to reports (again, possibly boosting the number of rounds). > A poll taken among attendees also put Rijndael in the lead. > > Nevertheless there are many strong supporters of Twofish, designed by > a well known team of American cryptographers, including Bruce Schneier, > author of a standard introductory text. Another cipher called Serpent > is also popular although it tends to be slow in software. > > The two remaining ciphers, RC6 and MARS, don't seem to have many backers. > > Java implementations of all the ciphers are available at the NIST site, > although they might require some restructuring to be suitable for our > use. > > Twofish is not a bad choice for now; I'd guess it has maybe a 30-40% > chance of being chosen. Rijndael would rank a little higher, Serpent > a little lower. I would avoid the non-AES candidates at this point, > unless we just want to put something together quickly. Whatever cipher > we use, we should design the system to allow a change later. > > Hal > > _______________________________________________ > Freenet-dev mailing list > Freenet-dev at lists.sourceforge.net > http://lists.sourceforge.net/mailman/listinfo/freenet-dev -- Oskar Sandberg md98-osa at nada.kth.se #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/) _______________________________________________ Freenet-dev mailing list Freenet-dev at lists.sourceforge.net http://lists.sourceforge.net/mailman/listinfo/freenet-dev
