[Cryptography] Literature on reusing same key for AES / HMAC?

Kristian Gjøsteen kristian.gjosteen at math.ntnu.no
Mon Nov 9 12:02:36 EST 2015


On 8 Nov 2015 at 18:43, Krisztián Pintér <pinterkr at gmail.com> wrote:
> just to give an example, keccak guys recommend a single pass
> authenticated encryption. this is encrypt-and-mac, but it is as secure
> as it gets. also, we have the CAESAR competition, in which many (all?)
> candidates are also encrypt-and-mac. so obviously, actual
> cryptographers don't know about the enc-then-mac rule, only the
> blogosphere does.

That is not a sound argument.

That expert cryptographers use constructions other than EtA is not surprising. These constructions typically aren’t straight E&A, obviously.

EtA is a simple construction that if used more widely would have saved us all some bother. It is obviously better than E&A, and it is safer than AtE (fewer ways to mess things up). «Use EtA» is still sound advice, except it should probably be modified to be «Use AEAD if you can, otherwise EtA».

-- 
Kristian Gjøsteen
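
Added example, not part of the original message: a sketch of EtA (encrypt, then MAC the nonce and ciphertext, and verify before decrypting) next to straight E&A (MAC over the plaintext). Assumptions: the function names and key-derivation labels are hypothetical, and the cipher is an HMAC-SHA256 counter-mode keystream standing in for AES-CTR so the code runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

def _xor_stream(key, nonce, data):
    # Stand-in for AES-CTR (assumption: no AES in the standard library):
    # HMAC-SHA256 used as a PRF over nonce || counter, XORed with the data.
    out = bytearray()
    for i in range(0, len(data), 32):
        ctr = (i // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + ctr, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def derive_keys(master):
    # Separate encryption and MAC keys from one master key (labels constructed).
    enc = hmac.new(master, b"demo-enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"demo-mac", hashlib.sha256).digest()
    return enc, mac

def eta_seal(master, plaintext):
    enc_key, mac_key = derive_keys(master)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    # EtA: the tag covers everything the receiver will parse (nonce and ciphertext).
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def eta_open(master, blob):
    enc_key, mac_key = derive_keys(master)
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    # Constant-time check first; no decryption happens on unauthenticated input.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(enc_key, nonce, ct)

def e_and_a_seal(master, plaintext):
    # Straight E&A for contrast: the tag is a deterministic function of the plaintext.
    enc_key, mac_key = derive_keys(master)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    return nonce + ct + tag
```

With straight E&A, two messages carrying the same plaintext end in the same tag, so an observer learns that they are equal; the EtA tag differs because it covers the fresh nonce and ciphertext.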


