02-18-2008, 01:31 PM
Kristian Gjøsteen
Re: TrueCrypt 5.0a - Non KakaWare

Sebastian G. <seppi@seppig.de> wrote:
>Kristian Gjøsteen wrote:


Please don't mess up the attributions!

>>> http://www.schneier.com/twofish-analysis-shiho.pdf

>>
>> It's mischaracterisation, then. It's quite amazing that, even when
>> the paper does not claim attacks against Twofish, you claim that it has
>> attacks against Twofish.

>
>Aside from the fact that it attacks a generalized version of TwoFish and is
>the second of three parts of a cryptanalysis on TwoFish by Moriai and Yin...


To support the claim that there are attacks against Twofish, you refer
to, out of a three-part series, the part that doesn't have an attack
on Twofish? That's amazingly useless.

By the way, there's no "generalized version of Twofish" in that paper.

The likelihood is that you are talking nonsense, as usual.

>> And furthermore, it's the same reference you
>> provided last time. This isn't even funny.
>
>And my opinion hasn't changed. It is some serious work by some serious
>people, and Mr. Schneier still fails to give any reason why he thinks this
>attack doesn't apply to TwoFish.


Perhaps because it _isn't_ an attack?

>>>> PS. I'm still waiting for a reference to the claim that AES-256 with 16
>>>> rounds is vulnerable to differential cryptanalysis.
>>> I didn't claim it vulnerable; the attack is just a space-time-tradeoff.

>>
>> Quoting <61iqi2F1v5avoU1@mid.dfncis.de>:
>>
>> Par example AES-256 has 14 rounds with no known differential
>> or linear attack, but if you raise it to 16 rounds there's a
>> differential attack with 2^64 chosen plaintexts and 2^192 steps.
>>
>> So you didn't claim it vulnerable?

>
>No. Can't you read?


What??? I'm not a native English speaker, but come on!

>> And it's not a differential attack, it's a space-time-tradeoff.

>
>Yes, due to a differential attack. A cryptographically secure cipher
>shouldn't omit such characteristics.


This is nonsense! Post a reference to the attack.

> The reason why it doesn't matter is
>that 2^64 is still much beyond practical, and will probably stay so for the
>supposed time of usage for AES.


It doesn't matter because, with high probability, it only exists in
your imagination.

--
Kristian Gjøsteen
