3

NIST has a total of 3 approved block ciphers on their website: AES, TDES and skipjack.

I get why those are on there (though personally I find TDES a bit iffy) but from my understanding Twofish and Serpent are also good enough to make the list. so why aren't they there? are they too weak? have they been broken to an extend where they are no longer safe to use?

EXTRA:

I'm really interested in knowing why some ciphers are recommended and others aren't. I'm looking for an algorithm to use my self, to do this I want to make a selection of a few algorithms which are safe to use so I have a reason to fall back on when i'm asked why i chose for that specific cipher other than the standard excuse because it's AES (or NIST approved)

Are there credible sources I could quote for other algorithms (such as Twofish) which shows they are still reliable?

Vincent
  • 976
  • 2
  • 12
  • 30

2 Answers2

5

The reason NIST chose one algorithm out of the five AES finalists, even though all of them were pretty well-respected (and some were, at the time, considered likely to be more secure then Rijndael) is because NIST is a standards body, and the whole point of the AES project was to find a standard algorithm. The issue with approving lots of algorithms is that you can easily end up with multiple standards-compliant implementations that can't talk to each other because they don't implement the same algorithm. AES is supported everywhere, and is reasonably fast on all platforms (plus, the fact that it's so common makes stuff like AES-NI practical).

These days, it seems to be common to have several algorithms in order to provide a fallback if a flaw is found in one (for instance, that's the point of SHA-3), but that's not the normal way standards agencies work, and even with SHA-3 NIST picked one algorithm. It's not thought of as "good enough to make the list;" the rule is "the algorithm that best meets our goals for this standard."

As for why Rijndael was chosen -- it was a good balance of security, software performance, hardware performance, and ease of implementation (or so it was thought at the time; it's actually kinda tricky to securely implement). Twofish and Serpent were believed more secure at the time, but other things like performance meant they weren't good for all uses. Since the point was creating one standard, they weren't chosen.

cpast
  • 3,652
  • 1
  • 16
  • 28
2

Twofish and Serpent do not have any published non theoretical successful attacks (resulting in a complete break) so at this point in time they are considered secure. AES was chosen because the people making the decisions at NIST felt it made the best decisions (as far as the Rijndael spec goes) of making trade offs between security, speed, computing resources (memory and CPU), and ease of implementation.
This question may be a good starting point

How exactly was the finalist chosen in the NIST AES competition?

Community
  • 1
Anthony
  • 121
  • 1
  • 2