[Cryptography] FREAK attack

Watson Ladd watsonbladd at gmail.com
Thu Mar 5 22:28:30 EST 2015


On Thu, Mar 5, 2015 at 5:44 PM,  <lists at notatla.org.uk> wrote:
> Watson Ladd <watsonbladd gmail.com>
>
>> The myth is that cryptographers in 1995 did not understand the proper order
>> of encryption and MACing. The reality is they did. Furthermore,  the RC4
>> results date back to 1995 as well.
>
> See section 8.2 (p115-7) of Practical Cryptography copyright 2003
> and section 7.2 (p102-4) of Cryptography Engineering copyright 2010.

Bellare-Namprempre and the Vaudenay padding oracle attack were both known
in 2001. Both were major events at CRYPTO and both refer to the
encrypt then MAC result as folklore. It's also an easy exercise if you
know the definitions, hence why it was never published separately.

>
> If this was as well known as you think why don't they show a preference
> for encrypt-then-mac or describe block cipher padding oracles?
>
> http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html

The proceedings of the biggest conference in cryptography are hardly an
obscure place to look when writing a comprehensive book on
cryptography. I think the absence of this subject says more about the
books than the obscurity of the subject.

Sincerely,
Watson Ladd

