[Cryptography] ratcheting DH strengths over time
Perry E. Metzger
perry at piermont.com
Mon Nov 16 17:15:52 EST 2015
On Mon, 16 Nov 2015 14:02:44 -0800 Ryan Carboni <ryacko at gmail.com>
wrote:
> > We didn't understand what they guaranteed. CBC in particular has
> > proven much more problematic than was assumed 25 years ago.
>
> Please be more specific. Outside of birthday attacks, what problems
> does CBC have?

I'm not sure what birthday attacks exist on CBC. However, for the
rest, see BEAST, POODLE, etc. for examples of the sorts of problems
that exist. Googling about will tell you more.

Note that there were people who understood that some block cipher
modes were problematic and the engineering part of the community
(including me, sadly) didn't listen closely enough.

Perry
--
Perry E. Metzger perry at piermont.com