[Cryptography] BLAKE2: "Harder, Better, Faster, Stronger" Than MD5

Jon Callas jon at callas.org
Tue Mar 25 18:59:07 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mar 25, 2014, at 3:17 PM, ianG <iang at iang.org> wrote:

> On 25/03/2014 22:08 pm, tpb-crypto at laposte.net wrote:
>> 
>> Since I'm merely a code monkey and not a cryptographer,...
> 
> 
> This is no weakness, this is a strength.  You are closer to what matters.

What Ian said.

Most of the cryptographers I deal with are not engineers. They haven't built systems, and they spend all their time worrying about things that don't matter. They go around inventing banana attacks (Jean-Philippe Aumasson deserves much credit for inventing the term). Remember, they get rewarded for getting papers published, so the incentives are all to write papers.

Remember, crypto is almost never broken. If you're smart enough and humble enough, you can build a decent system with the standard components. 

> 
>> I know you guys don't like this approach, yet I have got no references on how to make it better. All I know is that if the first layer is broken, the would-be attacker will get another jumbled stream and will have to start all over again.
> 
> 
> In terms of directly combining two ciphers, the common approach is to do
> two stream ciphers and to xor them.

Yeah. Well, yeah. I wouldn't. You're most likely making the strongest link of your chain stronger, and convincing yourself you've improved a weakness.

It's all too easy to combine ciphers in ways that give you the security of the weakest one. But see below.

> There is academic work to combine ciphers at block level, which in
> general shows that it is tricky to do, has a few surprising effects, and
> often doesn't really help more than picking a good cipher.  Others will
> write about that, I'm sure, and see the comment previously about DES-X.
> 
> However, there is a top tip from the NSA:  you should use two systems,
> not two ciphers.  That is, you should use an underlying p2p system such
> as IPSec or TLS or SSH, and then layer an application security system
> over the top of it.
> 
> Which is to say;  if you are going to do super-encryption, the best
> thing is to separate the layers as much as possible.

Bingo. Take a halfway-decent content/message system and run it over TLS. Run your TLS over IPsec. Or better yet, run that through Tor (which is solving a different problem and that's why you use it).

	Jon




-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFTMgpBsTedWZOD3gYRAjoZAKC67/op0HctCZ8DvuA0m//h43lQJgCfQ/sQ
pQHMXWxBjI2pwnBXAx+CXvw=
=caSI
-----END PGP SIGNATURE-----
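A worked illustration of the two points made in the exchange above (XOR-combining two stream ciphers is at least as strong as the stronger one only when the keys are independent, and the same construction can silently collapse to the weaker layer, or to nothing). This is an added example, not code from the original post or from either author. The two "ciphers" are stand-in keystream generators built from hashlib/hmac so the script runs with the Python standard library alone; they, the key sizes and the hypothetical attacker model (the attacker has fully broken cipher A, modelled here as learning key_a) are assumptions for the demonstration, not a recommended construction.

```python
"""XOR-combining two stream ciphers: when it helps and when it silently collapses.

Added example (not from the mailing-list post). Cipher A and cipher B below are
stand-ins built from standard-library hash primitives and are assumed to be two
independent keystream generators; the attacker model is "cipher A is fully
broken", modelled as the attacker knowing key_a.
"""
import hashlib
import hmac
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_a(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in stream cipher A: SHAKE-256 XOF over a domain tag, key and nonce."""
    return hashlib.shake_256(b"cipher-A" + key + nonce).digest(n)


def keystream_b(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in stream cipher B: HMAC-SHA256 run in counter mode."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def cascade(data: bytes, key_a: bytes, key_b: bytes, nonce: bytes) -> bytes:
    """Encrypt (or decrypt; XOR is its own inverse) under keystream A XOR keystream B."""
    ks = xor_bytes(keystream_a(key_a, nonce, len(data)),
                   keystream_b(key_b, nonce, len(data)))
    return xor_bytes(data, ks)


def strip_layer_a(ct: bytes, key_a: bytes, nonce: bytes) -> bytes:
    """What an attacker who has broken cipher A (knows key_a) can compute from ct."""
    return xor_bytes(ct, keystream_a(key_a, nonce, len(ct)))


def independent_keys_demo() -> dict:
    """Independent keys: breaking A leaves the attacker facing a B-only encryption."""
    key_a, key_b, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    pt = b"attack at dawn"                      # constructed sample plaintext
    ct = cascade(pt, key_a, key_b, nonce)
    leak = strip_layer_a(ct, key_a, nonce)
    return {
        "roundtrip_ok": cascade(ct, key_a, key_b, nonce) == pt,
        "plaintext_exposed": leak == pt,       # False: layer B still covers it
        "layer_b_only": leak == xor_bytes(pt, keystream_b(key_b, nonce, len(pt))),
    }


def derived_key_demo() -> bool:
    """Pitfall 1: key_b derived from key_a, so the cascade is only as strong as key_a."""
    key_a, nonce = os.urandom(32), os.urandom(16)
    key_b = hashlib.sha256(b"layer-b" + key_a).digest()   # the design mistake
    pt = b"attack at dawn"
    ct = cascade(pt, key_a, key_b, nonce)
    # Attacker knows key_a, re-derives key_b the same way, and strips both layers.
    attacker_key_b = hashlib.sha256(b"layer-b" + key_a).digest()
    recovered = xor_bytes(strip_layer_a(ct, key_a, nonce),
                          keystream_b(attacker_key_b, nonce, len(ct)))
    return recovered == pt                      # True: whole cascade falls with key_a


def same_keystream_demo() -> bool:
    """Pitfall 2: 'double encryption' with the same cipher and key. XOR cancels out."""
    key, nonce = os.urandom(32), os.urandom(16)
    pt = b"attack at dawn"
    ks = keystream_a(key, nonce, len(pt))
    ct = xor_bytes(xor_bytes(pt, ks), ks)       # second layer undoes the first
    return ct == pt                             # True: ciphertext equals plaintext


if __name__ == "__main__":
    print("independent keys:", independent_keys_demo())
    print("derived key_b, attacker with key_a recovers plaintext:", derived_key_demo())
    print("same keystream twice, ciphertext == plaintext:", same_keystream_demo())
```

The first scenario is the sense in which the XOR cascade "makes the strongest link stronger": the attacker who breaks A gains nothing beyond what B alone would give up. The two pitfalls are the sense in which a cascade can end up no stronger than its weakest part, or weaker than either cipher on its own; neither failure is visible from the ciphertext, which is why the advice to separate layers into independently keyed systems (TLS over IPsec) rather than hand-rolled cipher combinations matters.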

