Evan Prodromou wrote:
>
> >>>>> "PB" == Paulo Barreto <sao19677terra.com.br> writes:
>
> >> BTW, I was talking to a cryptanalyst over at ISSI and he was
> >> having his doubts about some aspects of Rijndael. Has anyone
> >> heard whether or not it will get tweaked before it becomes the
> >> AES standard?
>
> PB> Either clearly expose what these 'doubts' are or stop
> PB> spreading such nonsense and boring (*) rumors.
>
> Jeez, man! Give the poor bastardo a break. It's not like he claimed
> that R1JND43L H4Z B33N KR4X0R'D or something. Isn't it perfectly
> reasonable and in fact _desirable_ that a relatively new algorithm
> under public review should show at least one tiny fault or possible
> improvement?

Of course tiny faults (or even big ones) are possible. However, it
is not helpful to say something so vague that it can't be checked --
"there may be a problem, but I'm not telling you what it might be."
A more helpful type of concern was raised by Schroeppel et al.: they
found and published some analysis showing that Rijndael has a much
simpler algebraic representation than they would have expected, and
that this gave them some concern that an attack might be found that
capitalized on this structure. This is helpful, because it gives
people a reason for the concern and a place to look for an attack,
even though it doesn't come close to demonstrating a weakness.

Granted, the remark quoted above is rather innocuous. Perhaps the
negative reaction is based on the OP's earlier concerns that IPsec
and AES don't provide adequate back doors for the government, and
speculation that this aspect of Rijndael might be what bothered the
kind of people he talks to.

-- 
	Jim Gillogly
	Hevensday, 24 Blotmath S.R. 2001, 17:48
	12.19.8.13.3, 3 Akbal 1 Ceh, Second Lord of Night

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]