On Mon, Sep 2, 2013 at 8:28 PM, Nicholas Cole <nicholas.c...@gmail.com> wrote:
> On Mon, Sep 2, 2013 at 5:04 AM, Henry Hertz Hobbit
> <hhhob...@securemecca.net> wrote:
>
> [snip]
>
>> Paradoxically, AES256 & AES192 had
>> weaknesses that made them less safe than AES (AES-128) several
>> years back. May I humbly suggest TWOFISH or one of the
>> CAMELLIA ciphers as a first choice UNTIL you determine whether
>> or not the fixes for AES-256 and AES-192 are retroactive? DID
>> THEY GET THEM FIXED? I am just assuming they did but that means
>> I HOPE the older implementation and the newer one can easily be
>> discerned when you do the decipher.
>
> [snip]
>
> I was curious about this. The wikipedia page mentions the "Related Key
> Attack" on these cyphers, but is vague about whether they were ever
> fixed.
>
> Does anyone know?
>
> And did fixes make it into the version used by Gnupg?
Even more importantly, were they ever an issue with GnuPG in the first place? That is, does GnuPG generate related keys? I was always under the impression that GnuPG randomly generated session keys rather than creating related session keys; if true, wouldn't this mean that the related-key attack doesn't apply?

In regards to fixing the cipher, I'm not really sure that one can just issue a patch that would update the cipher itself (as opposed to a specific implementation of it): the cipher is standardized and is implemented in both hardware and software in zillions of devices and programs around the world. Adding more rounds or changing its functionality in some way to counter this attack would cause that changed version to diverge from the standard, and it would presumably not interoperate with standard AES.

Cheers!
-Pete

-- 
Pete Stephenson

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
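To make the threat-model point in the reply above concrete, here is an added example (not code from this thread and not GnuPG's own code). A related-key attack needs the attacker to obtain encryptions under two keys that differ by a relation of the attacker's choosing, for instance k2 = k1 XOR delta for a chosen delta. An OpenPGP-style implementation instead draws every message's session key independently from a CSPRNG, so the attacker only ever sees ciphertexts under unrelated keys. The function names, the constructed sample message, and the use of plain AES-CFB (not OpenPGP's exact CFB variant, and with no integrity protection) are all assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// SessionKeySize is the key length for AES-256 (32 bytes).
const SessionKeySize = 32

// GenerateSessionKey draws a fresh session key from the OS CSPRNG.
// Each call is independent of every previous call: nothing ties one
// message's key to another's, which is exactly the relationship a
// related-key attacker would need to exist.
func GenerateSessionKey() ([]byte, error) {
	key := make([]byte, SessionKeySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// XORKeys returns k XOR delta. Two keys that differ by an attacker-chosen
// delta are "related keys" in the sense of the attacks on AES-192/256.
// Assumption: XOR difference is used as the example relation here.
func XORKeys(k, delta []byte) []byte {
	out := make([]byte, len(k))
	for i := range k {
		out[i] = k[i] ^ delta[i]
	}
	return out
}

// RelatedByXOR reports whether k2 == k1 XOR delta for the given delta.
// For two independently random keys this is true only with probability 2^-256.
func RelatedByXOR(k1, k2, delta []byte) bool {
	if len(k1) != len(k2) || len(k1) != len(delta) {
		return false
	}
	return bytes.Equal(XORKeys(k1, delta), k2)
}

// EncryptMessage encrypts plaintext under a per-message session key with
// AES-CFB and a random IV prepended to the output. Plain CFB is a stand-in
// (assumption): it is not OpenPGP's exact CFB variant and has no integrity check.
func EncryptMessage(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	iv := out[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(out[aes.BlockSize:], plaintext)
	return out, nil
}

// DecryptMessage reverses EncryptMessage, reading the IV from the first block.
func DecryptMessage(key, ciphertext []byte) ([]byte, error) {
	if len(ciphertext) < aes.BlockSize {
		return nil, errors.New("ciphertext shorter than one block")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(ciphertext)-aes.BlockSize)
	cipher.NewCFBDecrypter(block, ciphertext[:aes.BlockSize]).XORKeyStream(out, ciphertext[aes.BlockSize:])
	return out, nil
}

func main() {
	// Two messages, two independent session keys (constructed sample input).
	k1, _ := GenerateSessionKey()
	k2, _ := GenerateSessionKey()
	delta := bytes.Repeat([]byte{0x5a}, SessionKeySize)

	// The attacker's wish: a pair related by a chosen delta. Random keys never give it.
	fmt.Println("k2 == k1 XOR delta?", RelatedByXOR(k1, k2, delta))
	// What a related pair would look like if an implementation derived keys that way.
	fmt.Println("XORKeys(k1, delta) related to k1?", RelatedByXOR(k1, XORKeys(k1, delta), delta))

	ct, _ := EncryptMessage(k1, []byte("message one"))
	pt, _ := DecryptMessage(k1, ct)
	fmt.Printf("roundtrip under k1: %q\n", pt)
}
```

The point the code makes is that the related-key model is a statement about how keys are chosen, not about the cipher's strength under independently random keys; an implementation that hands out keys related by a fixed difference (the second Println) is the case the attack addresses, and a CSPRNG-per-message design (the first Println) is not.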