[uanog] IPSec performance @ x86

Volodymyr Litovka doka.ua at gmail.com
Wed Feb 1 14:17:27 EET 2017


On 2/1/17 12:41 PM, Sergey Smitienko wrote:

> AES-256 is not needed anyway. AES-256 is actually weaker than AES-128.
> "Assuming you're talking about AES 128 versus AES 256, there is a 
> known weakness in the key expansion function that affects AES256.
> Fundamentally, the weakness reduces the complexity of AES256 to that 
> lower than AES128."
> http://eprint.iacr.org/2009/374
http://crypto.stackexchange.com/questions/5118/is-aes-256-weaker-than-192-and-128-bit-versions

"Related-key attacks are not a problem when the encryption algorithm is 
used for encryption, because they work only when the victim uses several 
distinct keys, such that the differences (bitwise XOR) between the keys 
are known to the attacker and follow a very definite pattern. This is 
not the kind of thing which often occurs in protocols where AES is used; 
correspondingly, resistance to related-key attacks was not a design 
criterion for the AES competition."

"No. AES-256 is not weaker than AES-128. Absolutely not. And I disagree 
with the advice that you should avoid AES-256. The attack against 
AES-256 is a related-key attack, which is irrelevant to most real-world 
uses of AES-256. Related-key attacks only become relevant if you use the 
block cipher improperly, which is not something that you ought to be 
doing. [ ... ] So, basically, pay no attention to those claimed attacks 
on AES-256. They are a theoretical curiosity with little or no 
relevance to practice at the moment."

" Note, that related-key scenarios are very academical. Here, 
cryptographers assume that an adversary can 'partially control' some 
relations among keys used in the computation."

Something like that. The attack is possible only if the attacker either 
has access to the computing system, or the "victim" generates related 
keys by a specific algorithm and a *chain* of some of them is available 
to the attacking side. In other words, *this is something you are 
practically never going to encounter in real life*.

-- 
Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison
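
Added illustration of the point above (example code, not part of the original 
post or of any IPsec implementation): IKEv2 derives every Child SA key through 
prf+ (RFC 7296, section 2.13), so the two AES-256 keys of one SA have no 
attacker-known XOR relation. Next to it is a constructed anti-example in which 
a second key is produced as base XOR a fixed delta, which is the kind of key 
relation the cited related-key attacks require. Assumptions: HMAC-SHA-256 is 
the negotiated PRF; SK_d, the nonces and the delta are constructed sample 
values, not captured IKE traffic; the KEYMAT layout is simplified to two 
encryption keys.

```python
import hmac
import hashlib

# Assumption: PRF_HMAC_SHA2_256 is the PRF negotiated in the IKE_SA.
def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(k: bytes, s: bytes, length: int) -> bytes:
    """IKEv2 prf+ (RFC 7296 sec. 2.13):
    T1 = prf(K, S | 0x01), Tn = prf(K, T(n-1) | S | n); output T1 | T2 | ...
    The counter is one byte, so at most 255 blocks can be produced."""
    out, t, i = b"", b"", 1
    while len(out) < length:
        if i > 255:
            raise ValueError("prf+ is limited to 255 blocks")
        t = prf(k, t + s + bytes([i]))
        out += t
        i += 1
    return out[:length]


def child_sa_keys(sk_d: bytes, ni: bytes, nr: bytes, key_len: int = 32):
    """KEYMAT = prf+(SK_d, Ni | Nr). Simplified layout: the first key_len bytes
    are the initiator->responder encryption key, the next key_len bytes the
    responder->initiator key (as for an AEAD suite without separate integrity
    keys; the real layout depends on the negotiated transforms)."""
    keymat = prf_plus(sk_d, ni + nr, 2 * key_len)
    return keymat[:key_len], keymat[key_len:2 * key_len]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def related_keys_bad(base_key: bytes, delta: bytes):
    """Constructed anti-example, NOT anything IKE does: a second key equal to
    the first XOR a fixed, attacker-knowable delta. This is exactly the key
    relation a related-key attack on AES-256 needs."""
    return base_key, xor_bytes(base_key, delta)


def has_known_difference(k1: bytes, k2: bytes, delta: bytes) -> bool:
    """True if the two keys differ by exactly the given XOR pattern."""
    return xor_bytes(k1, k2) == delta


# Constructed sample values (not real IKE material).
SK_D = hashlib.sha256(b"constructed SK_d for the example").digest()
NI = bytes.fromhex("a1" * 32)
NR = bytes.fromhex("b2" * 32)
DELTA = bytes.fromhex("01" + "00" * 31)   # attacker-chosen pattern: flip one bit

if __name__ == "__main__":
    ki, kr = child_sa_keys(SK_D, NI, NR)
    print("SK_ei:", ki.hex())
    print("SK_er:", kr.hex())
    print("prf+ keys related by known delta?", has_known_difference(ki, kr, DELTA))
    k1, k2 = related_keys_bad(SK_D, DELTA)
    print("bad scheme keys related by known delta?", has_known_difference(k1, k2, DELTA))
```

The prf+ output is a prefix-consistent pseudorandom stream keyed by SK_d, so 
the two derived AES-256 keys look independent to anyone who does not hold 
SK_d; the anti-example shows what a usable related-key pair would look like, 
and that no standard IPsec key schedule produces one.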
