[25244] in cryptography@c2.net mail archive
Re: Status of attacks on AES?
daemon@ATHENA.MIT.EDU (Marcos el Ruptor)
Thu May 11 09:58:57 2006
X-Original-To: cryptography@metzdowd.com
From: "Marcos el Ruptor" <ruptor@cryptolib.com>
To: cryptography@metzdowd.com
Date: Wed, 10 May 2006 23:50:26 -0500
In-Reply-To: <20060510160157.GC21194@cs>

On Wed, 10 May 2006 10:01:57 -0600, John R. Black wrote:
> On Thu, May 04, 2006 at 10:30:40AM -0500, Marcos el Ruptor wrote:
> >
> > http://defectoscopy.com/forum/viewtopic.php?t=3
> >
> > Expect new attacks soon enough.
> >
> I skimmed this. The start of the article says that after 3 rounds
> AES achieves perfect diffusion?!

It doesn't say that. Obviously you didn't read the article. It says that the
current version of our general purpose automated black-box tests can easily
distinguish 4 rounds of the AES from random and it says that *if* the AES
achieved complete diffusion [in the context of automated cryptanalysis] in 3
rounds [as Whirlpool does for example], then maybe 10 rounds could suffice
against most attacks although we would advise 12. But with 5 rounds required
to pass our tests we have serious reasons to believe that the AES will be
broken in the near future and that at least 20 rounds are required for it to
be secure.

Ruptor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com