04-对称密码-AES-RC4教程讲解.pptVIP

* 华中农业大学信息学院 * RC4 的安全强度 声称可以对付已知攻击 有许多攻击方法，但没有哪种方法对于足够长度密钥（128比特）的RC4有效。 非线性很高 永远不能重复使用密钥 WEP的产生密钥的漏洞与RC4无关 * 华中农业大学信息学院 * 小结 2DES、3DES AES RC4 * 华中农业大学信息学院 * 作 业 * The simplest form of multiple encryption has two encryption stages and two keys - Double-DES. Have concern that there might be a single key that is equivalent to using 2 keys as above, not likely but only finally proved in 1992. More seriously have the “meet-in-the-middle” attack, first described by Diffie in 1977. It is a known plaintext attack (ie have know pair (P,C), and attempts to find by trial-and-error a value X in the “middle” of the double-DES encryption of this pair, and chances of this are much better at O(2^56) than exhaustive search at O(2^112). * Listed above are NIST’s requirements for the AES candidate submissions. These criteria span the range of concerns for the practical application of modern symmetric block ciphers. * In fact, two set of criteria evolved. When NIST issued its original request for candidate algorithm nominations in 1997, the request stated that candidate algorithms would be compared based on the factors shown in Stallings Table5.1, which were used to evaluate field of 15 candidates to select shortlist of 5. These had categories of security, cost, and algorithm implementation characteristics. The final criteria evolved during the evaluation process, and were used to select Rijndael from that short-list, and more details are given in Stallings Table 5.2, with categories of: general security, ease of software hardware implementation, implementation attacks, flexibility (in en/decrypt, keying, other factors). * The AES shortlist of 5 ciphers was as shown. Note mix of commercial (MARS, RC6, Twofish) verses academic (Rijndael, Serpent) proposals, sourced from various countries. All were thought to be good – it came down to the best balance of attributes to meet criteria, in particular the balance between speed, security flexibility. * The Rijndael proposal for AE