Jez,

Rijmen&Daemen are not online, so please allow me to argue with you :-)))

I read the whole Rijndael (= current AES) article during the weekend and did not found a single line saying it is unsuitable for '51. Contrary, they present results of 3 different '51 implementations and a section of implementation remarks for 8-bit micros.

I also went through the AES candidates' performance on '51 and Rijndael (in 128-bit mode) was FAR the best performing from them, with around 3kcycles per block (others performing at several 10kcycles, i.e. one order of magnitude slower).

I've given you also figures. 1kB of FLASH/ROM costs today less than a pair of pins on your favourite FPGA :-) and on not-so-fast '51 it is good enough to keep a 115200Baud line busy. What else would you expect from it?

No doubt there are applications where hardware encryption or hardware-supported encryption is needed or even necessary. Also, no doubt, a two-chip solution where each chip has a sort of "lock" is more secure in terms of being "hack-proof" than a single micro. As usually, there is no universal solution and subject to tradeoffs. However, if general purpose microcontroller is involved, any of the algos mentioned (AES,XTEA,skipjack,blowfish) implemented in software is in the most of the cases good enough; notabene if the counterpart is a common PC (where the hack would be performed most easily anyway). The DES cracker is mostly an academic exercise and has nothing to do with "everyday's hack".

And, I repeat, being the algorithm and the encryption device arbitrarily strong, if the entire scheme has a hole, it will fail - and THIS is the most common problem, not the weakness of algorithm etc.

0.02SKK (practically zero) ;-)

Jan Waclawek