[Cryptography] a question on consensus over algorithmic agility
Bear
bear at sonic.net
Wed Jun 25 18:01:22 EDT 2014
On Wed, 2014-06-25 at 16:01 +0100, ianG wrote:
>
> 1. Do you believe that in the general case for the security for the
> net, (a) security protocols MUST be agile w.r.t. cryptography ciphers?
> OR, in the negative, no, protocols may set one cipher and stick with it.

Whether agility in the cipher is or is not desirable depends on
whether the protocol is more or less secure with cipher agility.
As typically implemented, where either party may refuse to use a
particular cipher, an attacker can choose whichever cipher s/he
has the best attack on and anyone who hasn't got it locked out will
get screwed by "automatic cipher negotiation". In that case cipher
agility actively subverts protocol security and it is better to
not do it.
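
The downgrade described in the message above, as an added example that is not part of the original post: a toy negotiation in Python in which the cipher offer is assumed to travel unauthenticated. Cipher names, strength ranks and all function names are constructed for illustration; the code measures the weakest cipher a tampered offer can force for a given lockout policy.

```python
# Constructed cipher names and strength ranks (assumption, not a real registry).
STRENGTH = {"STRONG-A": 3, "MEDIUM-B": 2, "WEAK-C": 1}
ALL = ["STRONG-A", "MEDIUM-B", "WEAK-C"]

def negotiate(offer, server_enabled):
    """Server picks the strongest cipher present in both lists."""
    common = [c for c in offer if c in server_enabled]
    return max(common, key=STRENGTH.get) if common else None

def run_handshake(client_enabled, server_enabled, tamper_keep=None):
    """Return the agreed cipher, or None if the handshake fails.

    tamper_keep models an on-path edit of the offer: only the listed
    ciphers survive in transit. Assumption: nothing authenticates the offer.
    """
    offer = list(client_enabled)
    if tamper_keep is not None:
        offer = [c for c in offer if c in tamper_keep]
    chosen = negotiate(offer, server_enabled)
    # The client only proceeds with a cipher it has not locked out.
    return chosen if chosen in client_enabled else None

def forced_outcomes(client_enabled, server_enabled):
    """Every cipher that some edited offer can make both sides settle on."""
    results = set()
    for c in client_enabled:
        agreed = run_handshake(client_enabled, server_enabled, tamper_keep={c})
        if agreed is not None:
            results.add(agreed)
    return results

def weakest_forced(client_enabled, server_enabled):
    """Effective strength of the negotiation: the weakest reachable cipher."""
    reachable = forced_outcomes(client_enabled, server_enabled)
    return min(reachable, key=STRENGTH.get) if reachable else None

if __name__ == "__main__":
    print("untampered, all enabled:", run_handshake(ALL, ALL))
    print("tampered, all enabled:  ", run_handshake(ALL, ALL, {"WEAK-C"}))
    print("weak cipher locked out: ", weakest_forced(ALL[:2], ALL))
    print("single fixed cipher:    ", weakest_forced(ALL[:1], ALL))
```

With every cipher enabled the untampered handshake picks the strongest one, yet the floor is still the weakest cipher both sides leave enabled; locking a cipher out on either side removes it from the reachable set.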