[Openswan Users] AES with 256 bits of block size!
James Muir
muir.james.a at gmail.com
Tue Dec 23 10:58:54 EST 2008
Dariush Zahedmanesh wrote:
> Hi paul
> we changed the config file as you said, but there was an error as follow:
> esp string error: enc_alg not found, enc_alg="aes_", auth_alg="sha1",
> modp=""
>
> we think that the correct syntax is "ike=aes-256 and esp=aes-256", but
> it is nothing to do with
> the block size. (it only changes the key size not the block size).
The AES standard (i.e. FIPS 197) defines only one blocksize: 128 bits.
There are 3 different key sizes (128, 192, 256), but only one blocksize.
The abbreviations AES-128, AES-192, AES-256 denote different key sizes.
The Rijndael specification does describe how to use different block
sizes, but this is not yet part of the AES standard.
With a 128-bit block size you can do about 2^64 AES operations before
you need to worry about birthday attacks. 2^64 is quite a big number.
Are you certain 2^64 is not large enough for your needs?
-James
More information about the Users
mailing list