[Cryptography] [openpgp] OpenPGP SEIP downgrade attack
Werner Koch
wk at gnupg.org
Wed Oct 7 15:37:45 EDT 2015
On Wed, 7 Oct 2015 15:50, pgut001 at cs.auckland.ac.nz said:
> The reason why I prefer EtM is that it can be pretty trivially retrofitted to
> existing crypto (just add a SHA-256 MAC somewhere) and is compatible with any
But raises the same problems as all data format changes. When taking up
this trouble, why go for a slow method whilst faster methods are
available?
> existing cipher, while whatever AEAD mechanism is chosen (I'm guessing AES-
> GCM, which seems to be fashionable) is purely for AES, there's no Twofish or
> CAST or whatever AEAD mode defined.
OCB works with all 128 bit block length ciphers and is faster than GCM.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.