> Avoid: constructions with huge keys, cipher "cascades"
Can anyone please explain what's wrong with e.g. 4096 bit keys (instead of 1024 bit) and piling 2-3 different or same encryption passes? Performance implications are obvious; what are security implications?
This is in the context of symmetric keys, so I'm guessing "huge keys" is a reference to the fact that "448-bit crypto" is a giant red flag because it screams "we're using blowfish".
See I just write 1/5th of a recommendation and leave it open-ended so Colin or 'pbsd can make it look like I was smart to begin with. Yeah... Blowfish... that's what I meant... :)
Well, in the more general case "huge symmetric keys" is a flag for "doesn't understand crypto", but 448-bit blowfish keys are the most common place I see this happening.
What is your opinion on Threefish then? Is there something fundamentally wrong with bigger keys/blocks, or is it just that known big key/block schemes are not useful?
Mostly it's just an indicator that the person doesn't understand the security concepts. If you believe a 4096 bit AES key will do you any good, there's probably other fundamental issues that you've misunderstood.
Can anyone please explain what's wrong with e.g. 4096 bit keys (instead of 1024 bit) and piling 2-3 different or same encryption passes? Performance implications are obvious; what are security implications?