Date:      Mon, 6 May 2002 11:06:14 -0400
From:      David Dagon <dagon@cc.gatech.edu>
To:        jack xiao <jack_xiao99@hotmail.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: AES(rijndael)
Message-ID:  <20020506110614.B90233@fritz.cc.gt.atl.ga.us>
In-Reply-To: <OE64AAkjtjsX3Ra5cNt000073cd@hotmail.com>; from jack_xiao99@hotmail.com on Mon, May 06, 2002 at 10:26:47AM -0400
References:  <OE64AAkjtjsX3Ra5cNt000073cd@hotmail.com>

On Mon, May 06, 2002 at 10:26:47AM -0400, jack xiao wrote:

> I have some questions about AES(rijndael) algorithm. As far as I know, the
> AES algorithm is capable of using cryptographic keys of 128, 192, and 256
> bits to encrypt and decrypt data in blocks of 128 bits. 

This is correct.  With 128 bit keys, there are ~3.4 x 10^38 keys, with
192 bits, there are ~6.2 x 10^57 keys, and 256 bits yields ~1.1 x
10^77.  You can examine a reference implementation from the authors
at:

  http://csrc.nist.gov/encryption/aes/rijndael/rijndael-unix-refc.tar

and also:

  /usr/src/sys/crypto/rijndael

> Is that to say AES is capable of using more kinds of keys than 128,
> 192, 256 bits long? Could you please give me your thoughts?

FYI, DES uses a 64 bit input as a key but only 56 bits are used for
the actual key itself.  (The other bits are 'parity', or were
discarded in the standard to weaken DES, depending on your
perspective.)  Most modern systems also add salt to increase the
strength of DES.  FreeBSD has des_cipher(3) that accepts up to 24 bits
of salt for ~16M variations on simple DES.

The FIPS 197 standard for AES lists only 128, 192, 256 bit key sizes.
While it may be possible to write a program that takes larger keys,
one would have to first investigate whether the larger keys would
yield expansions/shifts that create congruences, or would then be
vulnerable to weak keys, etc.

-- 
David Dagon              /"\                          "When cryptography
dagon@cc.gatech.edu      \ /  ASCII RIBBON CAMPAIGN    is outlawed, bayl
Georgia Inst. of Tech.    X     AGAINST HTML MAIL      bhgynjf jvyy unir
                         / \                           cevinpl."
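The key schedule is where the three FIPS 197 key lengths enter the algorithm: Nk, the key length in 32-bit words, fixes the round count, and the expansion is defined only for Nk of 4, 6 or 8. The following is an added example, not code from this thread or from FreeBSD's /usr/src/sys/crypto/rijndael; it derives the S-box from GF(2^8) arithmetic instead of tabulating it and uses the FIPS 197 Appendix A.1 example key.

```python
# AES key expansion per FIPS 197 section 5.2, parameterised by key length.
# Added example, not the thread's or FreeBSD's code. Rejects any key length
# other than the three the standard defines (Nk = 4, 6 or 8 words).
def _gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)   # xtime, kept to 8 bits
        b >>= 1
    return r

def _sbox_entry(a):
    """S-box byte: multiplicative inverse followed by the FIPS 197 affine map."""
    inv = next((x for x in range(1, 256) if _gf_mul(a, x) == 1), 0)
    s = inv
    for i in range(1, 5):                          # inv ^ rotl(inv, 1..4)
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox_entry(a) for a in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
NB = 4   # block size in 32-bit words: always 128 bits for AES

def key_expansion(key: bytes) -> list:
    """Return the expanded key as Nb*(Nr+1) four-byte words."""
    nk = len(key) // 4                             # key length in words
    if len(key) % 4 or nk not in (4, 6, 8):
        raise ValueError("FIPS 197 defines AES only for 128-, 192- and 256-bit keys")
    nr = nk + 6                                    # 10, 12 or 14 rounds
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    for i in range(nk, NB * (nr + 1)):
        temp = list(w[i - 1])
        if i % nk == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]   # SubWord(RotWord)
            temp[0] ^= RCON[i // nk - 1]
        elif nk > 6 and i % nk == 4:
            temp = [SBOX[b] for b in temp]         # extra SubWord for 256-bit keys
        w.append([x ^ y for x, y in zip(w[i - nk], temp)])
    return w

def round_key(words, rnd):
    """Hex string of the 128-bit round key used in round `rnd`."""
    return bytes(b for word in words[NB * rnd:NB * (rnd + 1)] for b in word).hex()

if __name__ == "__main__":
    w = key_expansion(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))  # FIPS 197 A.1
    print(len(w), "words; round 10 key:", round_key(w, 10))
```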
