Date: Mon, 6 May 2002 11:06:14 -0400
From: David Dagon
To: jack xiao
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: AES(rijndael)
Message-ID: <20020506110614.B90233@fritz.cc.gt.atl.ga.us>

On Mon, May 06, 2002 at 10:26:47AM -0400, jack xiao wrote:
> I have some questions about AES(rijndael) algorithm. As far as I know, the
> AES algorithm is capable of using cryptographic keys of 128, 192, and 256
> bits to encrypt and decrypt data in blocks of 128 bits.

This is correct. With 128 bit keys, there are ~3.4 x 10^38 keys, with
192 bits, there are ~6.2 x 10^57 keys, and 256 bits yields ~1.1 x 10^77.

You can examine a reference implementation from the authors at:

http://csrc.nist.gov/encryption/aes/rijndael/rijndael-unix-refc.tar

and also:

/usr/src/sys/crypto/rijndael

> Is that to say, AES is capable of using more kinds of keys than 128,
> 192, 256 bits long?
> Could you please give me your thoughts?

FYI, DES uses a 64 bit input as a key but only 56 bits are used for
the actual key itself. (The other bits are 'parity', or were
discarded in the standard to weaken DES, depending on your
perspective.) Most modern systems also add salt to increase the
strength of DES. FreeBSD has des_cipher(3) that accepts up to 24 bits
of salt for ~16M variations on simple DES.

The FIPS 197 standard for AES lists only 128, 192, 256 bit key sizes.
While it may be possible to write a program that takes larger keys,
one would have to first investigate whether the larger keys would
yield expansions/shifts that create congruences, or would then be
vulnerable to weak keys, etc.

--
David Dagon              /"\                          "When cryptography
dagon@cc.gatech.edu      \ /  ASCII RIBBON CAMPAIGN    is outlawed, bayl
Georgia Inst. of Tech.    X     AGAINST HTML MAIL      bhgynjf jvyy unir
                         / \                           cevinpl."
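The reply's point that FIPS 197 specifies AES only for 128, 192 and 256 bit keys, as an added example that is not part of the original message and not the reference implementation's code: a compact FIPS 197 key expansion in C that refuses any other key length, since the standard gives no schedule for them. Function names are this example's own, and the key in main() is the FIPS 197 Appendix A.1 sample key.

```c
#include <stdint.h>
#include <stdio.h>
/* Added example, not the reference code; all function names are illustrative. */
static uint8_t gmul(uint8_t a, uint8_t b) {   /* multiply in GF(2^8) mod 0x11b */
    uint8_t r = 0;
    for (; b; b >>= 1) {
        if (b & 1) r ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
    }
    return r;
}
static uint8_t sbox(uint8_t x) {   /* field inverse (0 maps to 0), then affine map */
    uint8_t inv = 0, s = 0x63;
    for (int c = 1; x && c < 256; c++)
        if (gmul(x, (uint8_t)c) == 1) { inv = (uint8_t)c; break; }
    for (int i = 0; i <= 4; i++) s ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
    return s;
}
static uint32_t sub_word(uint32_t v) {   /* S-box on each byte of a word */
    uint32_t r = 0;
    for (int sh = 0; sh < 32; sh += 8) r |= (uint32_t)sbox((uint8_t)(v >> sh)) << sh;
    return r;
}
/* Fill w; return the word count, or -1 for a key length FIPS 197 does not define. */
int aes_expand_key(const uint8_t *key, int keybits, uint32_t w[60]) {
    if (keybits != 128 && keybits != 192 && keybits != 256) return -1;
    int nk = keybits / 32, total = 4 * (nk + 6 + 1);   /* Nr = Nk + 6 rounds */
    uint8_t rcon = 1;
    for (int i = 0; i < nk; i++)                        /* big-endian key words */
        w[i] = (uint32_t)key[4*i] << 24 | (uint32_t)key[4*i+1] << 16 | (uint32_t)key[4*i+2] << 8 | key[4*i+3];
    for (int i = nk; i < total; i++) {
        uint32_t t = w[i - 1];
        if (i % nk == 0) {                              /* RotWord, SubWord, Rcon */
            t = sub_word((t << 8) | (t >> 24)) ^ ((uint32_t)rcon << 24);
            rcon = gmul(rcon, 2);
        } else if (nk == 8 && i % nk == 4) {            /* 256-bit keys only */
            t = sub_word(t);
        }
        w[i] = w[i - nk] ^ t;
    }
    return total;
}
int main(void) {   /* key below is the FIPS 197 Appendix A.1 sample key */
    static const uint8_t key[16] = { 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
                                     0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c };
    uint32_t w[60];
    int n = aes_expand_key(key, 128, w);
    printf("128: %d words, w[4]=%08x; 160: %d\n", n, (unsigned)w[4], aes_expand_key(key, 160, w));
    return 0;
}
```

The three accepted sizes give schedules of 44, 52 and 60 words (11, 13 and 15 round keys); the S-box is computed rather than tabulated only to keep the listing short.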