[13381] in cryptography@c2.net mail archive
Re: Nullsoft's WASTE communication system
daemon@ATHENA.MIT.EDU (John Kelsey)
Sun Jun 1 16:01:28 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sun, 01 Jun 2003 10:51:14 -0400
To: bear <bear@sonic.net>, Eric Rescorla <ekr@rtfm.com>
From: John Kelsey <kelsey.j@ix.netcom.com>
Cc: Bill Stewart <bill.stewart@pobox.com>,
<cryptography@metzdowd.com>
In-Reply-To: <Pine.LNX.4.40.0305301543580.31569-100000@bolt.sonic.net>
At 04:33 PM 5/30/03 -0700, bear wrote:
...
>Blowfish has been around longer than Rijndael; I think AES may not yet
>have gotten as much cryptographic attention as Blowfish's several-year
>headstart has given it. I think that a "perfect cipher" of Blowfish's
>block size would necessarily be less secure than a "perfect" cipher of
>AES' block size, but I'm not aware of any work demonstrating either to
>be an example of a "perfect cipher". (Nor any methodology such work
>could employ, for that matter).
AES has gotten a lot of attention, and right now, it's the high-prestige
target. (Among other things, it was clearly a front-runner in the AES
process from the beginning, and all of us who'd designed other algorithms
spent a lot of time trying to beat up on it.) Blowfish has been around
longer, but has probably had fewer people spend lots of time trying to
break it. The still-unresolved question is whether those equation-solving
attacks can really be used against AES, and there doesn't seem to be anyone
who's completely confident of the answer to that question.
...
> Bear
--John Kelsey, kelsey.j@ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
