Re: [LinkSec] RE: algorithm choices - criteria
Dear Russ:
I agree wholeheartedly (and worded that in my earlier email - see last line
below): one has to plan for change. In fact, this was one of the reasons to
compose an email on algorithm choices and criteria.
Rene
RH>>
I strongly encourage them development of an algorithm independent
protocol. If the group decided to do otherwise, the inflexibility will
cause great harm.
RH<<
RS>>
In general, I would like to advise against adopting any cipher that has not
established itself for a reasonably long enough time in the cryptographic
community. Furthermore, proper selection criteria include:
- cryptographic merits
- standardization and endorsement by bodies (e.g., FIPS, ANSI)
- implementation cost in software
- implementation cost in hardware
- re-use of implementation for both encryption and decryption
transformation
- RAM usage for keying material
I did not see any of the above criteria applied in the minutes of
yesterday's (Sep 2, 2003) conference call LinkSec. In fact, I do believe
that the applied crypto suite should be considered as a black box, and the
specification should just describe what the format of inputs and outputs
is. Please also see
http://eprint.iacr.org/2003/177/ and other publications in the IACR ePrint
Archive for proper guidance.
RS<<