Mr. Touloumtzis: I am sorry I misunderstood you, it just did not really seem clear to me, thank you for your clarification. After having read Mr. Harris' reply to my commentary, I plan to implement an AES-256bit encryption technology for use with my files and encryption of logon and other areas. However, if I choose a pass phrase, say five randomly chosen words (five to seven characters each) preceded by a random number in each case, then do you perceive that AES would be fast enough to not inhibit the use of the computer for doing normal work when applied against a file placed on an already existent filesystem? Very Respectfully, Stuart Blake Tener, IT3, USNR-R, N3GWG Beverly Hills, California VTU 1904G (Volunteer Training Unit) stuart@xxxxxxxxxxx west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Wednesday, July 11, 2001 8:35 PM -----Original Message----- From: owner-linux-crypto@xxxxxxxxxxxx [mailto:owner-linux-crypto@xxxxxxxxxxxx] On Behalf Of Mike Touloumtzis Sent: Wednesday, July 11, 2001 7:51 PM To: linux-crypto@xxxxxxxxxxxx Subject: Re: Announce loop-AES-v1.3b file crypto package On Wed, Jul 11, 2001 at 06:57:40PM -0700, IT3 Stuart B. Tener, USNR-R wrote: > > As well in paragraph three of your reply you state "AES is not needed > because 3DES is insecure; it's needed mainly because 3DES is _slow_, > especially in software." This statement appears to absolutely make little > sense. First of all if 3DES is insecure as you state, why are you the only > person saying so? As well, if we give you the benefit of the doubt and > presume for the moment (and I disagree) that 3DES is insecure, why does that > make AES "not needed"!?! If 3DES is insecure, from my purview, it would make > AES MORE NEEDED!?!?! You then go on to state that AES is needed because 3DES > is slow in software, but 3DES runs independently of AES, and there two (as I > understand) are separate algorithms. Hmm, guess I really didn't get you on > that one. You misunderstand me. "AES is not needed because 3DES is insecure" should be read as "3DES is still considered secure, so insecurity of the current standard is not the reason for the AES process". 3DES is in fact a very safe choice if you don't care about speed or smartcard/tamper-resistant implementations; it has withstood a much longer period of public scrutiny than AES. miket Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
