[Cryptography] Crypto best practices
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Mar 12 07:41:58 EDT 2017
Hanno Böck <hanno at hboeck.de> writes:
>This is horrible advice nobody should follow. Using both HMAC and asymmetric
>cryptography has led to a plethora of vulnerabilities in the past.
>[...]
>
>Just use authenticated encryption with an AEAD.
I assume you mean GCM there, the most popular AEAD mode. So you're suggesting
switching from a mode that has some relatively low-impact, obscure issues
(various oracle attacks) to one that fails catastrophically if you get
it wrong. That seems like a giant move backwards in terms of safety.
GCM is RC4 all over again, and look how well that turned out.
Peter.