Hacker News new | ask | show | jobs
by 0xDEAFBEAD 462 days ago
>That's so bad of an idea that I was sure no one would think I meant that.

Not everyone who reads these HN threads is a cryptographer. It didn't raise serious red flags for me when you mentioned that. I figured it should be OK as long as you make the size of the key twice as large. Is that wrong?
1 comments
chowells 462 days ago
The problem is that no commonly-used symmetric cipher has been studied nearly as heavily with larger keys. 128 bits for a symmetric cipher is enough for all practical purposes barring a cryptographic break, and it gives the best performance. Their constructions aren't so trivial that you can just extend the existing study to larger key sizes mechanically. Using larger key sizes basically means using new ciphers. Unstudied ciphers.

It's much more conservative on your novelty budget to use a well-studied 128-bit cipher along with a well-studied key derivation function. In cryptography, you really should be as conservative as possible with your novelty budget.

link
0xDEAFBEAD 461 days ago
Thanks!
link