2

Wikipedia claims key length can be very big in this cipher, so I assume it can offer a million bits of security provided entropy of key is the same?

Of course I can SHA-256 hash the key to allow any key sizes for AES... but it defeats the whole purpose of having such large entropy when the security is less.

So what is the maximum level? For instance, AES-256 provides a 256 bit security level. I don't want it to wrap the keys or diminish its security/entropy.

Wikipedia and most sources are not clear about it.

forest
  • 15,253
  • 2
  • 48
  • 103
Mini kute
  • 33
  • 3
  • 2
    If sources are not clear about it, you should assume that it has not received a great deal of cryptographic scrutiny and you should have no confidence in any security claims. In other words: Don't use ISAAC for security. – Squeamish Ossifrage Apr 24 '19 at 16:55
  • 4
    but it defeats the whole purpose of having such large entropy when the security is less. - what exactly is the purpose of having > 256 bits of security? – Ella Rose Apr 24 '19 at 17:24
  • 1
    I am curious from an academic viewpoint – Mini kute Apr 24 '19 at 21:42
  • 3
    Although it's pretty tricky to get a million bits of security if you realise that the internal state array is only 8192 bits. Any key's entropy has to be shoehorned into that. – Paul Uszak Apr 24 '19 at 22:34
  • 1
    @Minikute The academic consensus is that there is no meaning to security levels beyond 256. Alleged security levels above 256 bits are hallmarks of scams and bullshit. That said, there is no academic consensus to whether ISAAC is secure at any level. – Squeamish Ossifrage Apr 25 '19 at 21:08
  • "Only" 8192 bits is only small compared to the large key size. It may be a strong reason why there isn't that much scientific interest in the scheme. At places where memory is at a premium (e.g. smart cards, embedded devices) 1 KiB is a lot. – Maarten Bodewes Apr 25 '19 at 23:22

1 Answers1

1

ISAAC's internal state is a 256-element array of 32-bit words, and the maximum key size is 8192 bits. In theory, this means ISAAC has a maximum keyspace of 28192. It's important to remember, though, that attacks are known that can result from weak states, meaning not all keys are created equal. While this may not be an issue in practice, there are two primary reasons why you shouldn't use it:

  1. It's not particularly well-researched, so more serious attacks may be lurking.

  2. The entire 8192-bit keyspace is utterly unnecessary. 256 is more than enough.

Just stick with 256-bit AES if you need a block cipher, and ChaCha20 if you need a stream cipher.

forest
  • 15,253
  • 2
  • 48
  • 103