Confused about AES

Discussion in 'privacy technology' started by emmpe, Oct 12, 2008.

Thread Status:
Not open for further replies.
  1. emmpe

    emmpe Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    118
    Not being a native speaker of English I may have a semantic problem concerning the AES standard. I happened to read the FIPS Publication 197, which seems to say (§6) that this standard is approved only for "sensitive (unclassified) information" and that agencies using "cryptographic devices for protecting classified information can use those devices for protecting sensitive (unclassified) information in lieu of this standard". Obviously there's a difference between AES and "the real stuff". This would mean that AES isn't what you really want if you're particular (paranoid) about your privacy - or am I misunderstanding something here?
     
  2. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    FIPS 197 was published in 2001. Several things have changed concerning the use of AES, including expanding the use to include "Top Secret" with the use of 196 or 256-bit AES only. This change was made in 2003.

    The actual change in AES>Top Secret was made in CNSS Policy Document Number 15. You can read PD-15's "fact sheet" here:
    http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf

    Suite B Cryptographic information can be found at the NSA website here:
    http://www.nsa.gov/ia/Industry/crypto_suite_b.cfm

    Basically, you are correct in that Suite A algorithms are classified and little (read: no) information is known about them. However, the vast majority, of even security-related documents, are protected within (for example) the Department of Defense and the NSA, itself -- using the AES. It is fine for even the most paranoid of users.
     
  3. emmpe

    emmpe Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    118
    Thanks for your quick reply and good links. So I can relax, then, when it comes to encryption per se, and just keep worrying about crypto software implementation? It should make things a little easier for those of us who have to face the implementation of mass surveillance.
     
  4. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    Be confused no more!

    You can certainly relax when it comes to the AES; Rijndael is based on the conservative wide trail strategy of design, which renders efficient round transformations while allowing for provable bounds on the correlation of linear trails and the weight of differential trails. In other words, it caters to the simplicity of cryptanalysis, which is how a cryptographic primitive earns its bones.

    It's a prerequisite for any cryptographic primitive to undergo intense scrutiny before it's fielded, and it should please you to know that the AES is receiving more cryptanalytical attention than any other block cipher. In cryptography, standards provide the optimal setting for confidence in a particular design. Why? Because standards attract attention and attention is the first step to good cryptanalysis.

    As I've said countless times before, but just had to add once more, whenever cryptography fails in practice, it's almost never because of the cryptography itself; it's almost always because of the implementation. The reasons are many, but it boils down to the fact that our ability to implement and manage pales in comparison to our ability to innovate.

    Regarding cryptography as a layer of the security onion, it has, arguably, the best track record, and will continue to be one of the strongest links -- if not the strongest.
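The point about implementation rather than the primitive being where things break can be shown concretely. The following is an added example (not part of any post in this thread) using only Go's standard library: the same AES-256 block function is first driven in raw ECB fashion, where four identical plaintext blocks come out as four identical ciphertext blocks, and then through AES-GCM with a fresh nonce, where the output has no repeats and any modified byte fails authentication. The key and the plaintext are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// demoKey is a constructed 32-byte (AES-256) key for this example only.
// Real keys come from a CSPRNG or a key-derivation function, never a literal.
var demoKey = []byte("0123456789abcdef0123456789abcdef")

// ecbEncrypt runs the raw AES block permutation over each 16-byte block.
// This is the "implementation" failure: the primitive is sound, but ECB adds
// no per-block variation, so equal plaintext blocks give equal ciphertext blocks.
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("plaintext length must be a multiple of %d", aes.BlockSize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out, nil
}

// repeatedBlocks returns how many 16-byte blocks of ct share their value with
// at least one other block: a simple detector for the ECB pattern leak.
func repeatedBlocks(ct []byte) int {
	counts := make(map[string]int)
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		counts[string(ct[i:i+aes.BlockSize])]++
	}
	dup := 0
	for _, n := range counts {
		if n > 1 {
			dup += n
		}
	}
	return dup
}

// gcmSeal encrypts and authenticates with AES-GCM under a fresh 96-bit nonce.
// The nonce is prepended so the receiver can recover it.
func gcmSeal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag after the nonce.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// gcmOpen verifies the tag and decrypts; any modified byte fails authentication.
func gcmOpen(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed message too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	pt := bytes.Repeat([]byte("SAME 16-BYTE BLK"), 4) // constructed: four equal blocks
	ecb, _ := ecbEncrypt(demoKey, pt)
	fmt.Println("ECB repeated blocks:", repeatedBlocks(ecb)) // 4
	sealed, _ := gcmSeal(demoKey, pt)
	fmt.Println("GCM repeated blocks:", repeatedBlocks(sealed)) // 0
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the tag
	_, err := gcmOpen(demoKey, sealed)
	fmt.Println("GCM tamper detected:", err != nil) // true
}
```

The cipher is identical in both halves; only the mode and the nonce handling differ, which is exactly the kind of detail an implementation gets wrong while the AES primitive itself holds up.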
     