Encryption Security Your Rights Online

Rijndael Cryptanalysis Results

Anonymous Coward writes: "It appears by reading here that the Rijndael encryption algorithm has had more organized cryptanalysis performed against it and might not have fared too terribly well even using up to 9 rounds." Rijndael is one of the candidates for the U.S. Government's next-generation encryption standard.
  • by Anonymous Coward on Wednesday September 27, 2000 @05:51AM (#750876)
    Since Round 2's comment period ended (go fig) the only real candidates have been Serpent and Rijndael. We've yet to see an even remotely applicable assault on Serpent as submitted, Serpent's speed has increased by a factor of 2-4 to catch up with everyone else, and in many cases leave them in the dust on raw speed, and now possibly assaults are being found on relatively beefy variants of its only competitor, Rijndael. Looks like the underdog might get the gold after all. Here's rootin' for da' snake in da' grass!
  • I'm not so sure about that. From what I could see, Rijndael was very weak even before this. 7 or 8 rounds (out of a recommended 10) could be broken. This doesn't leave a very good safety margin.

    Twofish seems to be very resistant to all known attacks, and certainly can't be counted out.

  • I think the government should have to give a key to a trusted third party so the public can sue to see their porn and copies of decss ... like they wanna do to us.
  • Will Bruce and company present the same sort of in-depth attack on their own AES candidate Twofish?

    I dunno... ever since that mistake in the code for Blowfish in the April 1994 issue of DDJ, I've kinda wondered who actually ghost-writes his code. IIRC, 32 bit addition ignoring overflow is what was called for, and in the listing it ended up being 32 bit addition and a mod(32) or some such, which set most of the bits of the register back to 0. That couldn't have helped... Anyone else catch that? In another implementation I saw, it became mod(232) which is truly strange. I guess that came from this [counterpane.com] where 2^32 becomes simply 232 if your browser doesn't render the SUP tag.

    Free and unpatented algorithms are great to have around though, and I expect to see blowfish/twofish products even after the AES winner is revealed.
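As an added illustration of the kind of miscoding the post above recalls (this is not the DDJ listing, nor code from Counterpane): Blowfish's round function F adds S-box words modulo 2^32, so reducing modulo 32 instead leaves at most five live output bits. The S-box contents and the exact placement of the mod are assumptions made here so the example runs stand-alone.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed S-boxes: real Blowfish derives these from the hex digits of pi;
 * a small LCG stands in here so the example runs stand-alone. */
static uint32_t S[4][256];
static int sboxes_ready;

static void fill_sboxes(void) {
    uint32_t x = 0x9E3779B9u;
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 256; j++) {
            x = x * 1664525u + 1013904223u;
            S[i][j] = x;
        }
    sboxes_ready = 1;
}

/* Blowfish F as specified: two additions modulo 2^32, which uint32_t
 * arithmetic gives for free (the carry out of bit 31 is simply dropped). */
uint32_t f_correct(uint32_t x) {
    uint32_t a = x >> 24, b = (x >> 16) & 0xff, c = (x >> 8) & 0xff, d = x & 0xff;
    return ((S[0][a] + S[1][b]) ^ S[2][c]) + S[3][d];
}

/* Hypothetical miscoding of the kind the post recalls: each sum reduced
 * mod 32 instead of mod 2^32. Only the low five bits can ever survive. */
uint32_t f_mod32(uint32_t x) {
    uint32_t a = x >> 24, b = (x >> 16) & 0xff, c = (x >> 8) & 0xff, d = x & 0xff;
    return ((((S[0][a] + S[1][b]) % 32) ^ S[2][c]) + S[3][d]) % 32;
}

/* Count how many of the 32 output bits ever take the value 1 over a spread
 * of inputs: 32 means every bit is live; a small number means F has
 * collapsed and a Feistel round built on it barely touches the other half. */
int active_bits(uint32_t (*f)(uint32_t)) {
    if (!sboxes_ready) fill_sboxes();
    uint32_t seen = 0;
    for (uint32_t i = 0; i < 65536; i++)
        seen |= f(i * 0x9E3779B1u);   /* constructed inputs; all four bytes vary */
    int n = 0;
    for (; seen; seen >>= 1) n += seen & 1;
    return n;
}

int main(void) {
    printf("correct F: %d live output bits\n", active_bits(f_correct));
    printf("mod-32 F:  %d live output bits\n", active_bits(f_mod32));
    return 0;
}
```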

  • An established attack on a reduced round version of a cypher doesn't mean the cypher is weak. A cypher must be considered in its entirety else you are cryptanalysing a different cypher. It is accepted practice to attack reduced rounds then build on those attacks, but to imply a cypher is weak because its six-round variant can be broken in only half of eternity is misleading. (the nine round attack requires so much known text and so many related keys, it would be more practical to mount a brute force attack)
