Re: [experimental patch] show allowed keylengths in /proc/cipher/*


 



"Michael T. Babcock" wrote:
> 
<snip>
> 
> I think it would be most beneficial here to definitely consult with a real
> cryptographer if 'we' want to know how to handle this correctly.  There may
> or may not be a paper written somewhere on the issue too.
> 
<snip>

You don't need a 'real' cryptographer (better: cryptanalyst or
cryptologist) to understand that Rijndael was defined for key lengths of
128 to 256 bits in steps of 32 bits. Look at its structure and you'll
understand why. Twofish was defined for 128, 192 and 256 bits, but with
a description of how to handle key lengths that don't match the defined
ones.

The point here is that if you leave the path that the authors of the
algorithm have drawn or that is described in a standard somewhere,
you'll lose all cryptanalytic results obtained for that cipher. So you
should simply stay with the definition of the cipher.

The AES committee has refused to alter the definitions of the finalist
ciphers precisely because adding or subtracting rounds would invalidate
all or most of the cryptanalysis obtained in the review period. This was
despite the common feeling after AES3 that Rijndael should be
elected with added rounds.

Marc

-- 
Marc Mutz <Marc@xxxxxxxx>     http://EncryptionHOWTO.sourceforge.net/
University of Bielefeld, Dep. of Mathematics / Dep. of Physics

PGP-keyID's:   0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH)



Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

