Question
NIST has a total of 3 approved block ciphers on their website: AES, TDES and Skipjack.
I get why those are on there (though personally I find TDES a bit iffy), but from my understanding Twofish and Serpent are also good enough to make the list. So why aren't they there? Are they too weak? Have they been broken to an extent where they are no longer safe to use?
EXTRA:
I'm really interested in knowing why some ciphers are recommended and others aren't. I'm looking for an algorithm to use myself. To do this I want to make a selection of a few algorithms which are safe to use, so I have a reason to fall back on when I'm asked why I chose that specific cipher, other than the standard excuse "because it's AES (or NIST approved)".
Are there credible sources I could quote for other algorithms (such as Twofish) which show they are still reliable?
Explanation / Answer
The reason NIST chose one algorithm out of the five AES finalists, even though all of them were pretty well-respected (and some were, at the time, considered likely to be more secure than Rijndael) is because NIST is a standards body, and the whole point of the AES project was to find a standard algorithm. The issue with approving lots of algorithms is that you can easily end up with multiple standards-compliant implementations that can't talk to each other because they don't implement the same algorithm. AES is supported everywhere, and is reasonably fast on all platforms (plus, the fact that it's so common makes stuff like AES-NI practical).
These days, it seems to be common to have several algorithms in order to provide a fallback if a flaw is found in one (for instance, that's the point of SHA-3), but that's not the normal way standards agencies work, and even with SHA-3 NIST picked one algorithm. It's not thought of as "good enough to make the list;" the rule is "the algorithm that best meets our goals for this standard."
As for why Rijndael was chosen -- it was a good balance of security, software performance, hardware performance, and ease of implementation (or so it was thought at the time; it's actually kinda tricky to securely implement). Twofish and Serpent were believed more secure at the time, but other things like performance meant they weren't good for all uses. Since the point was creating one standard, they weren't chosen.