[Cryptography] Suite B after today's news

Ralph Holz ralph-cryptometzger at ralphholz.de
Fri Sep 6 10:12:14 EDT 2013


Hi,

> Same here.  AES is, as far as we know, pretty secure, so any problems are
> going to arise in how AES is used.  AES-CBC wrapped in HMAC is about as solid
> as you can get.  AES-GCM is a design or coding accident waiting to happen.

But for right now, what options do we have that are actually implemented
somewhere?

Take SSL. CBC mode has come under pressure for SSL (CRIME, BEAST, etc.),
and I don't see any move towards TLS > 1.0.

RC4 was good enough for a while, but with djb's new work - it's just
waiting to be improved and made practical by someone. FWIW, we still use
RC4 on our servers, but I'd be happy to see something else that is
practical.

Of course, the above attacks are probably not one of your worries when
you're up against the NSA - your own system is probably much more
endangered.

Ralph

