[Cryptography] Suite B after today's news
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Sep 5 22:35:14 EDT 2013
Jon Callas <jon at callas.org> writes:
>How do you feel (heh, I typoed that as "feal") about the other AEAD modes?
If it's not a stream cipher and doesn't fail catastrophically with IV reuse
then it's probably as good as any other mode. Problem is that at the moment
modes like AES-CTR are being promulgated as fashion statements without any
consideration about operational deployment, when what we should be promoting
is something that's safely and effectively deployable. Someblockcipher-CBC +
HMAC is a nice safe bet, run your HMAC, do a constant-time compare of the
result, toss the encrypted data if you get a verify failure, otherwise
decrypt, it's pretty straightforward.
Peter.
More information about the cryptography
mailing list