I had a thought about AES security today. Maybe there were some lucky coincidences that ultimately made AES more secure. Let me explain (thread):
Yes, the side-channel attacks. There's every reason to have cryptographic confidence in AES, and implemented in hardware or with a very careful implementation it's safe, but we shouldn't lock in on it as a gold standard. We can do better!
Not disagreeing that we should try to do better. But are we there yet? Is there a replacement algorithm where there's good reason to believe that it has much better side-channel and implementation-flaw resistance?
Given current processes for agreeing on replacement algorithms, we'd likely have less confidence in the replacement than in AES. Look at how everybody is using SHA-2 in part because of the SHA-3 vs. Blake2 thing that's still ongoing.