On Aug 19, 2009, at 9:28 AM, Kevin Hilton wrote:
Although I usually get a wide range of responses, is there any
practical advice an end-user should take away from the recent AES256
attacks as described
here: http://www.schneier.com/blog/archives/2009/07/another_new_aes.html?
Should I continue to use AES256 (double AES) or default to single AES
or simply default back to 3DES, or just sit tight? Although I found
the article interesting (not sure if I understood a lot of the blog
comments), is there any practical advice I should take away from it as
it relates to GnuPG?

The brief summary is don't worry too much about it.
The less brief summary is that given a particular relationship between
the (session) keys in use, and multiple copies of the same plaintext
encrypted with these particular keys, an attacker can attack a
simplified version of AES256 in less time than it would take to attack
it via brute force (and amusingly enough, in less time than it would
take to attack AES128). The multiple catches here are that you usually
don't have special keys, you don't usually have multiple copies of the
same plaintext encrypted with the special keys, the amount of time it
would take to attack is still unfeasible, and GnuPG doesn't use a
simplified version of AES256 anyway (nobody does).
Is this bad for AES256? Absolutely. It's a crack in the armor. But
is it a problem in OpenPGP today? Not really, no.
So speaking about how it relates to GnuPG, I wouldn't bother to do
anything about it, personally, but if it worries you, you can easily
rank AES128 higher than AES256 in your preferences (or even remove
AES256 altogether if you like). Either way you're probably fine.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
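As an added example (not from the thread or from GnuPG itself), the following shell helpers rewrite the `personal-cipher-preferences` line of a gpg.conf so that AES (128-bit) is ranked above AES256, as David suggests; the option name and cipher identifiers are GnuPG's real ones, while the gpg.conf contents and the helper names are constructed for the example.

```shell
#!/bin/sh
# Hypothetical helpers for ranking AES (128-bit) above AES256 in gpg.conf.
# "personal-cipher-preferences" is a real GnuPG option; AES, AES192,
# AES256 and 3DES are GnuPG's cipher names. The config file used here is
# constructed, not taken from a real system.

# Print the 1-based position of cipher $2 in the space-separated
# preference list $1; print 0 if the cipher is not listed at all.
cipher_rank() {
    rank=0
    i=0
    for c in $1; do
        i=$((i + 1))
        if [ "$c" = "$2" ]; then rank=$i; break; fi
    done
    echo "$rank"
}

# Print the current personal-cipher-preferences list from gpg.conf $1
# (empty output if the option is not set).
get_cipher_prefs() {
    sed -n 's/^personal-cipher-preferences[[:space:]]*//p' "$1" 2>/dev/null
}

# Replace (or append) the personal-cipher-preferences line in gpg.conf $1
# with the list in $2, leaving every other option untouched.
set_cipher_prefs() {
    conf=$1; prefs=$2
    tmp="$conf.tmp"
    if grep -q '^personal-cipher-preferences' "$conf" 2>/dev/null; then
        sed "s/^personal-cipher-preferences.*/personal-cipher-preferences $prefs/" \
            "$conf" > "$tmp"
    else
        cat "$conf" > "$tmp" 2>/dev/null || :
        echo "personal-cipher-preferences $prefs" >> "$tmp"
    fi
    mv "$tmp" "$conf"
}
```

Note that `personal-cipher-preferences` only changes what your own gpg picks when encrypting to others; what other people pick when encrypting to you is governed by the preferences stored on your key, which are changed with `setpref` inside `gpg --edit-key`.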