[Cryptography] [FORGED] Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Natanael natanael.l at gmail.com
Wed Oct 18 16:12:28 EDT 2017


On 18 Oct 2017 21:09, "Peter Gutmann" <pgut001 at cs.auckland.ac.nz> wrote:

Salz, Rich <rsalz at akamai.com> writes:

>>   yet another reason why RC4-equivalent
>>   ciphers like GCM should be banned (we finally got rid of RC4, and now we're
>>   busy reintroducing it under another name)
>
>For the benefit of similar non-experts on this list, I just want to point out
>that Peter's assertion that GCM is just like RC4 is one that is not widely
>shared.

  RC4 is a stream cipher for which key/nonce reuse results in a catastrophic
  failure of the cryptosystem.

  GCM is a stream cipher for which key/nonce reuse results in a catastrophic
  failure of the cryptosystem.

For the benefit of similar non-experts on this list, could you please point
out which cryptographers disagree with that?  Since the view that they fail
the same way is one that is not widely shared, there must be lots of names you
can cite to support this.

(The reason for asking for names is so I can avoid any cryptosystem they've
designed)


While I do agree that stream ciphers should be avoided whenever you cannot
guarantee perfect key management and nonce generation, that's clearly not
what his comment was about.

The main difference between the two is that RC4 can be cracked even without
nonce repetition occurring, as in the now infamous WEP standard.

You cannot do that with AES-GCM, and even less so with GCM-SIV mode, which
also adds some limited misuse resistance (tolerates some number of nonce
repetitions).
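The (key, nonce) reuse failure both Peter and Natanael refer to, as an added Go example that is not part of the thread: it uses Go's standard-library AES-GCM, and the key, nonce, sample messages and the CounterNonce guard are all constructed here for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// xorBytes returns a XOR b over len(a); the caller keeps len(a) <= len(b).
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// KeystreamReuse shows the failure the thread describes: sealing two
// messages under one (key, nonce) pair reuses GCM's CTR keystream, so
// c1 XOR c2 == p1 XOR p2 and a known p1 yields p2 without the key. Returns
// the first len(p1) bytes of p2 (len(p1) <= len(p2)); Seal's tag is dropped.
func KeystreamReuse(key, nonce, p1, p2 []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	c1 := aead.Seal(nil, nonce, p1, nil)
	c2 := aead.Seal(nil, nonce, p2, nil)
	return xorBytes(xorBytes(c1[:len(p1)], c2[:len(p1)]), p1), nil
}

// CounterNonce is the mitigation: a 96-bit GCM nonce driven by a strictly
// increasing counter under one key, with a hard budget after which the
// caller must rotate the key, so no (key, nonce) pair is ever reused.
type CounterNonce struct{ Next, Limit uint64 }

func (c *CounterNonce) Nonce() ([]byte, error) {
	if c.Next >= c.Limit {
		return nil, errors.New("nonce budget exhausted: rotate the key")
	}
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], c.Next)
	c.Next++
	return nonce, nil
}
```

Random 96-bit nonces avoid the counter state but then need a per-key message limit of their own, since a birthday collision between two random nonces triggers exactly the same keystream reuse.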