No, you are wrong now. I posted a statement that we can't predict the NSA's current capability and implying that we shouldn't underestimate them. You chose to go point-by-point to prove me wrong - at which you failed. Your documentation consisted of name dropping and place dropping rather than investigation of the facts.
Clearly you're the one making it a personal issue by commenting on my intentions and insinuating I am only making incorrect assertions. I"ve backed up my claims.
I'm done with the thread; you can have it and the last word. Readers of the thread can decide if inaccurate claims that Bruce Schneier says Rijndael is wonderful count more than his documented words about the potential risks with it. By the way - AES is Rijndael, not a derivative. When NIST and the NSA put their stamp on Rijndael as the winner of the AES competition, the two became synonymous.
All I said in my first post was that it was the NSA's choice who won - and it was. And that they have tremendous capabilities. Most everything else I've said in this thread was to defend against the attacks you made on my statements.
Really? Anyone who disagrees with you knows nothing about cryptography? Does that include Bruce Schneier?
So, when you're losing the documentation argument you now start with the personal attacks. It says a lot.
Your turn. And then the end.
Edit, well crap. I just noticed that you said AES had to pass ITAR. More stuff that you spouted about which you do not know. What does that mean, to pass ITAR? It's not a test or a form to fill out. ITAR is International Trade in Arms Regulations. Encryption is not ARMS.
https://en.wikipedia.org/wiki/International_Traffic_in_Arms_Regulations
http://www.gpo.gov/fdsys/pkg/FR-1996-11-19/pdf/96-29692.pdf
So, instead of trying so hard to prove me wrong, point-by-point, you should have spent more time reading and learning.
My head hurts. It honestly does. Wow.
Ah, some history, I used to do export control for Sikorsky. And long before that I was the type of person to attend Defcon. Yes, encryption was considered a munition, and it was on the US Munitions List (USML). Folks got rsa code tattooed on themselves, and a few jokingly submitted for export licenses because legally they were now considered arms or munitions under ITAR and USML. Daniel J. Bernstein sued on the matter and won. Specifically, that "ITAR licensing scheme as applied to Category XIII(b) acts as an unconstitutional prior restraint in violation of the First Amendment", see Bernstein v. US Department of Justice.
Er, what you see as "name dropping and place dropping" are called "citations". The above was covered when I previously said "See Executive order 13026" in a previous post. EO 13026 transferred most encryption from ITAR to EAR, but there's still some sticky areas when it comes to actual hardware instead of raw source code or math. I included another citation above, which I'm sure you'll count as name dropping because it's not a link to Wikipedia.
Rijndael and AES are not exactly the same thing. AES is FIPS-197, a NIST specification. Rijndeal, for instance, allows for block or key sizes to be 128, 160, 192, 224 or 256. AES block sizes are 128 exclusively, with only keys of 128, 192 or 256 bits. See "The Design of Rijndeal" by Joan Daemen and Vincent Rijmen, page 31. A pretty good book, actually. AES is an implementation of Rijndael, per the developers of Rijndael. Er, I suppose I should link to Wikipedia as a more reliable citation, however.
