[Cryptography] Suite B after today's news
Jon Callas
jon at callas.org
Thu Sep 5 22:21:17 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sep 5, 2013, at 7:15 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Jon Callas <jon at callas.org> writes:
>
>> My opinion about GCM and GMAC has not changed. I've never been a fan.
>
> Same here. AES is, as far as we know, pretty secure, so any problems are
> going to arise in how AES is used. AES-CBC wrapped in HMAC is about as solid
> as you can get. AES-GCM is a design or coding accident waiting to happen.
> This isn't the 1990s, we don't need to worry about whether DES or FEAL or IDEA
> or Blowfish really are secure or not, we can just take a known-good system off
> the shelf and use it. What we need to worry about now is deployability. AES-CTR
> and AES-GCM are RC4 all over again, it's as if we've learned nothing from
> the last time round.
How do you feel (heh, I typoed that as "feal") about the other AEAD modes?
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii
wj8DBQFSKTwesTedWZOD3gYRAgyXAJ0X7q9+1DRM+1p/eQ13Hlu0P4s4vQCgsQLG
zs8/592lHqurlVWlghRTdJg=
=Ni0l
-----END PGP SIGNATURE-----
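The construction Peter recommends above ("AES-CBC wrapped in HMAC") and the failure mode behind "AES-CTR and AES-GCM are RC4 all over again" (a repeated nonce reuses the keystream) can both be shown concretely. The Go program below is an added example written for this archive page; it is not code from the thread, from Jon Callas or from Peter Gutmann. It uses only the Go standard library: `Seal`/`Open` implement Encrypt-then-MAC with AES-256-CBC under one key and HMAC-SHA256 under a separate key, verifying the tag in constant time before any decryption or padding check, and `CTRKeystreamReuse` shows that encrypting two messages under the same AES-CTR key and nonce yields ciphertexts whose XOR is just the XOR of the plaintexts. Keys, nonces and messages in `main` are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// pkcs7Pad pads msg to a multiple of blockSize using PKCS#7.
func pkcs7Pad(msg []byte, blockSize int) []byte {
	n := blockSize - len(msg)%blockSize
	return append(append([]byte(nil), msg...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips PKCS#7 padding. It is only ever called after the MAC has
// been verified, so a padding error cannot be turned into a padding oracle.
func pkcs7Unpad(padded []byte, blockSize int) ([]byte, error) {
	if len(padded) == 0 || len(padded)%blockSize != 0 {
		return nil, errors.New("bad padded length")
	}
	n := int(padded[len(padded)-1])
	if n == 0 || n > blockSize {
		return nil, errors.New("bad padding byte")
	}
	for _, b := range padded[len(padded)-n:] {
		if int(b) != n {
			return nil, errors.New("bad padding")
		}
	}
	return padded[:len(padded)-n], nil
}

// Seal is Encrypt-then-MAC: AES-CBC under encKey with a random IV, then
// HMAC-SHA256 under an independent macKey over IV||ciphertext.
// Output layout: IV || ciphertext || 32-byte tag.
func Seal(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	out := append(iv, ct...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(out)
	return mac.Sum(out), nil // appends the tag to IV||ciphertext
}

// Open verifies the HMAC in constant time first; only an authenticated
// message is decrypted and unpadded. Any failure returns a single generic error.
func Open(encKey, macKey, sealed []byte) ([]byte, error) {
	const tagSize = sha256.Size
	if len(sealed) < 2*aes.BlockSize+tagSize {
		return nil, errors.New("authentication failed")
	}
	body, tag := sealed[:len(sealed)-tagSize], sealed[len(sealed)-tagSize:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) { // constant-time comparison
		return nil, errors.New("authentication failed")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("authentication failed")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

// CTRKeystreamReuse encrypts p1 and p2 with AES-CTR under the SAME key and
// nonce and returns c1 XOR c2 over their common length. Because both messages
// were XORed with the identical keystream, the result equals p1 XOR p2: the
// keystream cancels out, which is exactly the two-time-pad problem of RC4.
func CTRKeystreamReuse(key, nonce, p1, p2 []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	c1 := make([]byte, len(p1))
	cipher.NewCTR(block, nonce).XORKeyStream(c1, p1)
	c2 := make([]byte, len(p2))
	cipher.NewCTR(block, nonce).XORKeyStream(c2, p2) // same nonce: same keystream
	n := len(c1)
	if len(c2) < n {
		n = len(c2)
	}
	x := make([]byte, n)
	for i := range x {
		x[i] = c1[i] ^ c2[i]
	}
	return x, nil
}

func main() {
	// Constructed sample keys and messages (not real secrets).
	encKey := bytes.Repeat([]byte{0x11}, 32)
	macKey := bytes.Repeat([]byte{0x22}, 32)
	sealed, _ := Seal(encKey, macKey, []byte("constructed sample message"))
	pt, err := Open(encKey, macKey, sealed)
	fmt.Printf("round trip: %q err=%v\n", pt, err)
	sealed[20] ^= 1 // flip one ciphertext bit
	_, err = Open(encKey, macKey, sealed)
	fmt.Println("tampered ciphertext rejected:", err != nil)

	p1, p2 := []byte("attack at dawn!!"), []byte("hold position!!!")
	x, _ := CTRKeystreamReuse(bytes.Repeat([]byte{0x33}, 16), bytes.Repeat([]byte{0x44}, 16), p1, p2)
	fmt.Printf("c1^c2 == p1^p2 under a reused nonce: %v\n", bytes.Equal(x, func() []byte {
		y := make([]byte, len(p1))
		for i := range y {
			y[i] = p1[i] ^ p2[i]
		}
		return y
	}()))
}
```

Two design points matter here: the MAC and encryption keys are independent, and `Open` rejects anything that fails authentication before it touches the ciphertext, so padding and decryption errors are never observable to the sender. The CTR function is there to make the "RC4 all over again" remark concrete: the cipher is fine, but a single repeated nonce removes the keystream from the picture entirely, which is why nonce management, not AES, is where CTR and GCM deployments go wrong.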