STOP USING AES

>piss filter gpt slop
I'll stop when you stop

>>106149191 (OP)
Why? I thought doubling the key length was enough to protect symmetric ciphers from quantum shit? Isn't it just asymmetric ones that require fundamentally new algorithms?

schizo thread

>>106149191 (OP)
fed

>>106149191 (OP)
gay

>>106149333
lol, lmao
https://www.nist.gov/pqcrypto

>>106150346
That's talking about asymmetric encryption. AES is a symmetric cipher.

>>106149191 (OP)
I wish there were a 256 bit block size AES with 256 and 512 bit key sizes.

>>106149191 (OP)
no (You)

>>106150445
WTF is a symmetric cipher

>>106152430
not him but where the encryption and decryption key is the same

>>106149393
psycho reply

What do you recommend instead? It has to be really great, so great that it's worth not being hardware-accelerated.

>>106152430
Symmetric = same key for encrypt and decrypt.
Asymmetric = different keys (public key for encryption, private key for decryption).

Asymmetric allows drug dealers to publish an encryption key that enables their clients to encrypt their address but it can only be decrypted by the private key that only the dealer has so if the encrypted address is intercepted by the market platform, hackers, or feds, they can't use the published key to decrypt it. It relies on things like prime factorization, which quantum computers are supposed to be good at. Dealers are starting to move over to elliptic curve methods that quantum is no good at.

>>106149199
>piss filter
sweetie, let's not use terms you haven't a clue about

>>106153964
The fact globohomo pushes for elliptic curves instead of using more bits for rsa makes it more suspicious.

>>106149191 (OP)
Why do you care what model of Neo Geo I use?

>>106154330
try generating a 16k RSA key and see how long it takes

>>106153964
Common elliptic curves method are just another flavor of discrete logarithm, which Shor's algorithm can break. Unless you are talking about isogeny-based crypto but there isn't a lot of standardization yet around that.

algorithms are safe
your machine is not
a safe algorithm on an unsafe machine makes for an unsafe system

>>106153964
>they can't use the published key to decrypt it. It relies on things like prime factorization
explain it to me like i'm 5, how can the math work out such one key can encrypt and another key can decrypt, yet you can't use one key to deduce the other?

>>106150703
Kalyna is like that. It's wider block based on AES.

>>106157845
What about side channels attacks?

>>106149191 (OP)
NGL, you made me want to bust out the NEO GEO...

>>106153964
Elliptical curves aren't any more resistant to quantum attacks. You're thinking of lattice based cryptography. You need an NP base to make asymmetric quantum resistant.

However, elliptical tends to be more resistant to traditional attacks versus something like RSA. NIST has a release with estimated equivalent strengths.

>>106158484
describe your threat model
people that mention side channel attacks often do not know why they are a problem
for example, it is my opinion that an attacker monitoring your machine's power draw is deeper problem that must be resolved in ways beyond "lol let's write this software in a manner that is resistant to this attack"

>>106150346
>>106152430
>doesn't know what is a symmetric cipher
>preaches that there's something wrong with the current cryptography algorithms

>>106157467
Symmetric encryption works like a normal door. You need the same key to open and close it. It uses a single key.
Asymmetric encryption works kinda like a lock: you publish an open lock and anyone can lock anything with it. Only the one who owns the key to the lock can open it though. It uses two keys, one is the lock (in open position) and the secret key is the lock key.

Asymmetric encryption is very slow compared to symmetric. But with symmetric encryption you need both the sender and receiver to own the same secret key. If this is not the case, you must first exchange a symmetric secret key.

To do this, we assume that the public key of the recipient (the open lock) is available to everyone. You then use this public key to encrypt a secret key for a symmetric encryption scheme. Then you send that ciphertext and the recipient, who owns the key to the lock, can open it and get the symmetric secret key. Now both parties possess the same symmetric secret key and can use symmetric encryption which is fast. This is basic key encapsulation.

>>106160514
I didn't actually answer anon >>106157467, fug.
The simplest example comes from discrete logarithm: you take a special object "g" such that it is very efficient to compute it's powers: g^5, g^34, g^23423432, ...
As it turns out however, it is very hard to inverse this operation in some particular cases. If I show you h=g^345, you would have a hard time telling me that it's actually 345 in the exponent.
In this setting, your secret key would be 345 and your public key g^345. You cannot deduce the secret key from the public one.
Now this isn't unbreakable per se, it is simply believed that solving this problem is currently "hard". So when you read papers on cryptosystems build on this one particular problem, the discrete logarithm, you see theorems like "Assuming the hardness of the discrete logarithm, our encryption scheme is ... secure."

>>106154088
plagiarizing information synthesis system.
It is what it is.

>>106149191 (OP)
GPG and PGP are NOT SAFE!!!!!!! they are complete fucking shit, obsolete FUCKING TRASH that's completely compromised
RSA IS CRACKED!!!!!!! CIA NIGGERS can decrypt your shit in HOURS
DO NOT USE THEM !!!!!!!!!!!!!!
seems like aes 256 is safe for now

Why?

why do you thnik your government regulates the maximum key length retard
its the length up to which they can break them
aes is not safe, nothing out there is. kys retard

>>106160934
This.
That's why I'm asking for 256 bit block symmetric encryption, AES (with 128 bit block) is currently breakable by a state actor with tens of millions of $$$, but no individual or company can afford that.

>>106160947
I don't know, Elon Musk dropped billions on Colossus cluster with 200k high end GPUs. 64-bit block ciphers like Blowfish and 3DES are still considered unbroken but insecure for larger files because of birthday bound. Most ciphers have 128-bit block. Only a few have more than that: Threefish, SHACAL2 and Kalyna that I know of. ChaCha20 is a stream cipher but works on a 512-bit block that's incremented with a counter, so it's kind of similar to block ciphers in CTR mode.

>>106160598
huh, that's very intuitive, thanks anon

>>106160947
nigga if you could just "break" advanced cryptosystems with enough compute, then it would be trivial to flood the space with useless ciphertexts such that you burn through the attacker's compute.
also, XChaCha20 exists. Threefish with 1,024 bit keys exists.

>>106153964
not to worry since quantum computers aren't real and never will be and are based on lies and rubbish.

>>106158583
>doesn't even know the basics of what hes advising people on and trying to stir up panic about
sums up /g/ pretty well