From: geremy condra on 26 Jan 2010 22:55

On Tue, Jan 26, 2010 at 4:00 PM, M.-A. Lemburg <mal(a)egenix.com> wrote:
>
>
> geremy condra wrote:
>> On Tue, Jan 26, 2010 at 12:37 PM, M.-A. Lemburg <mal(a)egenix.com> wrote:
>>
>> <snip>
>>
>>> You are also using CBC mode, even though you are really after
>>> ECB mode (your code doesn't use chaining). With ECB mode, you
>>> don't need the IV string.
>>
>> However, ECB mode is not as secure- the IV is the right way to go
>> here.
>
> Right - I forgot that PyCrypto applies the chaining internally
> when being passed data of more than 32 bytes.
>
>> I'd also note that you aren't supposed to use RandomPool anymore,
>> and that AES-192 is frequently recommended over AES-256 for
>> new applications due to a number of recent developments in
>> the cryptanalysis of its key schedule.
>
> Do you have pointers for this?
>
> I could only find
> http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Security
> and
> https://cryptolux.org/Block
>

Sure. The best source is the papers themselves:

http://eprint.iacr.org/2009/374.pdf
http://eprint.iacr.org/2009/317.pdf
http://eprint.iacr.org/2009/242.pdf

If you're interested I can provide more. The other thing to keep in mind is that several of the new attacks abuse algebraic properties of the key schedule, and that older attacks like XSL (eXtended Sparse Linearisation) and models (like the BES) are useful tools. There's also been some recent research into using bent functions for cryptanalysis, including cryptanalysis over GF(p), which falls into the lap of older models like the BES, which views AES in terms of GF(2^8), although I don't seem to be able to find free links to those papers.

> My reading of their FAQ (https://cryptolux.org/FAQ_on_the_attacks)
> is that using AES-128 is the way to go (and it's faster too) - at
> least for the time being.

In applications where speed is not of the essence, there doesn't appear to be a good reason to prefer AES-128 to AES-192, and while the margin is small, recent attacks have consistently led to results that are 2^10 or 2^12 larger for 192 than for 128. I also doubt highly that the wells opened by these newer results are the end of this question- so my advice would be to use 192 where possible, and keep an eye out just in case.

Geremy Condra