[Cryptography] a question on consensus over algorithmic agility

Bear bear at sonic.net
Wed Jun 25 18:01:22 EDT 2014


On Wed, 2014-06-25 at 16:01 +0100, ianG wrote:

> 
>      1.  Do you believe that in general case for the security for the
> net, (a) security protocols MUST be agile w.r.t cryptography ciphers ?
> OR, in the negative, no, protocols may set one cipher and stick with it.

Whether agility in the cipher is or is not desirable depends on 
whether the protocol is more or less secure with cipher agility. 

As typically implemented, where either party may refuse to use a
particular cipher, an attacker can choose whichever cipher s/he 
has the best attack on and anyone who hasn't got it locked out will 
get screwed by "automatic cipher negotiation".  In that case cipher
agility actively subverts protocol security and it is better to 
not do it.
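
The failure mode described in the message above, as an added example that is not part of the original post: a small audit that reports how far a negotiation can be pushed down when the offered cipher list is not integrity-protected. The cipher names, strength ranks and function names are constructed for illustration, and the unauthenticated offer is an assumption of the model.

```python
# Constructed cipher names and relative strength ranks (assumption, not real suites).
STRENGTH = {"STRONG-A": 3, "MEDIUM-B": 2, "WEAK-C": 1}


def negotiate(offer, server_enabled):
    """Server picks its most-preferred enabled cipher that appears in the offer."""
    for cipher in server_enabled:
        if cipher in offer:
            return cipher
    return None  # no common cipher: the handshake fails closed


def downgrade_floor(client_enabled, server_enabled):
    """Weakest cipher neither side has locked out.

    If the offer can be edited in transit, this is the lowest point the
    negotiation can be pushed to, regardless of either side's preference order.
    """
    common = [c for c in client_enabled if c in server_enabled]
    return min(common, key=STRENGTH.get) if common else None


def audit(client_enabled, server_enabled):
    """Compare the honest outcome with the outcome when the offer is trimmed."""
    honest = negotiate(client_enabled, server_enabled)
    floor = downgrade_floor(client_enabled, server_enabled)
    # Model the edited offer: only the weakest mutually enabled cipher remains.
    forced = negotiate([floor], server_enabled) if floor else None
    downgradable = honest is not None and STRENGTH[forced] < STRENGTH[honest]
    return {"honest": honest, "forced": forced, "downgradable": downgradable}


if __name__ == "__main__":
    everything = ["STRONG-A", "MEDIUM-B", "WEAK-C"]
    cases = {
        "neither side locks anything out": (everything, everything),
        "client locks out WEAK-C": (["STRONG-A", "MEDIUM-B"], everything),
        "client fixed on one cipher": (["STRONG-A"], everything),
    }
    for label, (client, server) in cases.items():
        print(label, audit(client, server))
```

Only the configuration with a single fixed cipher reports no gap between the honest and the forced result; locking out one weak cipher just raises the floor to the next weakest one still enabled on both sides.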




