The Camellia Cipher has been around the block for sometime now. I won't delve in its genealogy as you can Google it yourself.Camellia is similar to AES in a number of cases as either of them have multiple similarities between them.
- both are Block Cipher- both use the 'Fiestel Network' (first used in Lucifer & DES). Its essence is Decryption is done by Reversing the order of Encryption.
- both have similar block size for operations 128, 192 & 256 bits - usage of S-BoxesIts hard to comment which of them is a better one. I would say Efficiency & Security wise their isn't much to choose from. Either one is Highly Efficient and Secure as well.
Most of the attacks against AES are 'Theoretical' and almost all of them are 'Unrealistic'. In theory a 2^128 (3.40282367 × 10^38) exhaustive key search is almost equally infeasible as is an 2^120 (1.329228 × 10^36) key search. But in cryptographic literature you might come across 'Theoretical Breaks' that can ensure that you will recover the 'Key' from an 2^120 key search rather than a 2^128 search.
Rainbow Tables, FPGA, FPAA can help you only to a certain extent. Maybe up to 2^60. Keep in mind the fact that every bit added to the key will double the time you need for a key search. As of now AES can most certainly termed to be Secure and Unbreakable, in terms of Cryptanalytic attacks.
That leaves us with Side Channel Cryptanalytic Attacks on AES or for that matter any other crypto system. These attacks are against the Implementation of the Crypto and not on the Cipher itself. You would do well to understand Camellia's Implementation for it is an open source implementation. I believe that you can also implement AES in open source.
A literature review of Camellia would certainly help you in understanding the security of the underlying cipher as well as any know attacks against it.
Hope this helps. Thanks, Shailesh On Feb 13, 2009, at 11:19 PM, Chip Panarchy wrote:
Hi Recently found a website, (using Firefox 3, love there blue favicon idea, always click it), that was using Camelia 256-bit, instead of what I usually see (RC4 128 bit or AES 256-bit). Hadn't seen that cipher before... Which 256-bit encryption is the best? Camellia or AES? Also, what attacks can be run against each of them? (or are they 'uncrackable', eg would take 2yrs to crack one password) Can rainbow tables be generated for both ciphers? If so, how much hard-drive space would I need to store them? And what program should I use to generate these rainbow tables? (eg Winrtgen, etc.) Are there open-source implementations of both ciphers?Please reply, as I know very little about the 'security' of these two ciphers.Thanks in advance, Panarchy PS: If I'm using the word cipher incorrectly, please tell me what word I should rather be using. Thanks!