[Cryptography] [openpgp] OpenPGP SEIP downgrade attack
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Oct 7 09:50:52 EDT 2015
Werner Koch <wk at gnupg.org> writes:
>And wait another 15 years until it has been taken up by all implementations?
>What is wrong with the planned AE mode?
Which has just as little support as a planned EtM mode?
The reason why I prefer EtM is that it can be pretty trivially retrofitted to
existing crypto (just add a SHA-256 MAC somewhere) and is compatible with any
existing cipher, while whatever AEAD mechanism is chosen (I'm guessing AES-GCM,
which seems to be fashionable) is purely for AES, there's no Twofish or CAST or
whatever AEAD mode defined.
Peter.
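
Added example, not part of the original message and not code from any OpenPGP implementation: a cipher-agnostic encrypt-then-MAC wrapper of the kind described above, taking the "SHA-256 MAC" to be HMAC-SHA-256. The wire layout (one-byte cipher identifier, 16-byte IV, ciphertext, 32-byte tag), the key-derivation labels and `toy_stream_cipher` (a constructed, insecure stand-in for whatever existing cipher is in use) are assumptions for illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA-256 output size in bytes
IV_LEN = 16


def toy_stream_cipher(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Constructed stand-in for an existing unauthenticated cipher (NOT secure).

    XORs data with a SHA-256 counter keystream, so it is its own inverse.
    """
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + iv + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def derive_keys(master: bytes) -> tuple:
    """Derive separate encryption and MAC keys (labels are assumptions)."""
    enc = hmac.new(master, b"etm-demo enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"etm-demo mac", hashlib.sha256).digest()
    return enc, mac


def etm_seal(master: bytes, cipher_id: int, plaintext: bytes,
             cipher=toy_stream_cipher) -> bytes:
    enc_key, mac_key = derive_keys(master)
    iv = os.urandom(IV_LEN)
    body = bytes([cipher_id]) + iv + cipher(enc_key, iv, plaintext)
    # The MAC covers the cipher identifier and IV as well as the ciphertext.
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def etm_open(master: bytes, blob: bytes, cipher=toy_stream_cipher) -> bytes:
    if len(blob) < 1 + IV_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = derive_keys(master)
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    # Verify first, in constant time; the cipher never sees unauthenticated data.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed")
    iv, ciphertext = body[1:1 + IV_LEN], body[1 + IV_LEN:]
    return cipher(enc_key, iv, ciphertext)
```

Any other cipher can be passed as `cipher` without touching the MAC logic, which is the retrofit property the message argues for.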