On Wed, Jul 11, 2001 at 06:57:40PM -0700, IT3 Stuart B. Tener, USNR-R wrote: > > As well in paragraph three of your reply you state "AES is not needed > because 3DES is insecure; it's needed mainly because 3DES is _slow_, > especially in software." This statement appears to absolutely make little > sense. First of all if 3DES is insecure as you state, why are you the only > person saying so? As well, if we give you the benefit of the doubt and > presume for the moment (and I disagree) that 3DES is insecure, why does that > make AES "not needed"!?! If 3DES is insecure, from my purview, it would make > AES MORE NEEDED!?!?! You then go on to state that AES is needed because 3DES > is slow in software, but 3DES runs independently of AES, and there two (as I > understand) are separate algorithms. Hmm, guess I really didn't get you on > that one. You misunderstand me. "AES is not needed because 3DES is insecure" should be read as "3DES is still considered secure, so insecurity of the current standard is not the reason for the AES process". 3DES is in fact a very safe choice if you don't care about speed or smartcard/tamper-resistant implementations; it has withstood a much longer period of public scrutiny than AES. miket Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
