[Cryptography] Crypto best practices

Dennis E. Hamilton dennis.hamilton at acm.org
Wed Mar 15 12:15:46 EDT 2017



> -----Original Message-----
> From: cryptography [mailto:cryptography-bounces+dennis.hamilton=acm.org at metzdowd.com] On Behalf Of Peter Gutmann
> Sent: Wednesday, March 15, 2017 04:19
> To: Hanno Böck <hanno at hboeck.de>
> Cc: Cryptography List <cryptography at metzdowd.com>; Arnold Reinhold <agr at me.com>
> Subject: Re: [Cryptography] Crypto best practices
[ ... ]
> 
> AES-CTR, and by extension AES-GCM, have exactly the same problem, if you use
> them in their most straightforward modes where you memcpy() in a fixed or
> all-zero IV, you've got RC4 again.
[orcmid] 

Huh?!

Doesn't use of a fixed IV undermine practically any scheme?  One would hope that anything on use of AES-GCM would emphasize the security requirement concerning the IV.  

Isn't this simply the case that any security scheme, however well the primitives are implemented, can be used badly?

 - Dennis

> 
> Peter.
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
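The failure mode Peter describes and Dennis questions, shown in working code. This is an added example, not code from either poster: AES-CTR and AES-GCM under one key with the same all-zero IV/nonce produce the same keystream for every message, so XORing two ciphertexts cancels the keystream and leaves p1 XOR p2, exactly the two-time-pad problem RC4 key reuse gives. The key, IV sizes and the two "messages" are constructed sample inputs chosen for this demonstration; the recovery needs no key at all. The last function is the control case with distinct IVs, where the same trick yields nothing.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed sample inputs for this example (not from the original post).
var (
	demoKey   = []byte("0123456789abcdef") // AES-128 key, constructed
	zeroCTRIV = make([]byte, aes.BlockSize) // the memcpy()'d all-zero 16-byte IV
	zeroNonce = make([]byte, 12)            // same mistake with GCM's 96-bit nonce
	knownMsg  = []byte("GET /login HTTP/1.1\r\nHost: example.test\r\n")
	secretMsg = []byte("POST /login HTTP/1.1\r\nAuthorization: Bearer s3cr3t")
)

// xorBytes returns a XOR b over their common prefix.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// ctrEncrypt is plain AES-CTR that trusts whatever IV it is handed.
func ctrEncrypt(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(out, plaintext)
	return out
}

// gcmEncrypt is AES-GCM with a caller-supplied nonce. Seal returns
// ciphertext || 16-byte tag; the tag is dropped to expose the CTR part.
func gcmEncrypt(key, nonce, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	sealed := aead.Seal(nil, nonce, plaintext, nil)
	return sealed[:len(plaintext)]
}

// RecoverFromReuse is the attacker's side: given two ciphertexts made under
// one key and one IV, plus the first plaintext (known or guessable), it
// returns the second plaintext over the overlap, because c1^c2 == p1^p2.
func RecoverFromReuse(c1, c2, knownP1 []byte) []byte {
	return xorBytes(xorBytes(c1, c2), knownP1)
}

// CTRLeak runs the attack against AES-CTR with the zero IV reused.
func CTRLeak() []byte {
	c1 := ctrEncrypt(demoKey, zeroCTRIV, knownMsg)
	c2 := ctrEncrypt(demoKey, zeroCTRIV, secretMsg)
	return RecoverFromReuse(c1, c2, knownMsg)
}

// GCMLeak runs the same attack against AES-GCM with the zero nonce reused.
// The authentication tag does not help here: it proves integrity, it does
// not hide the keystream.
func GCMLeak() []byte {
	c1 := gcmEncrypt(demoKey, zeroNonce, knownMsg)
	c2 := gcmEncrypt(demoKey, zeroNonce, secretMsg)
	return RecoverFromReuse(c1, c2, knownMsg)
}

// FreshIVLeak is the control: distinct IVs give distinct keystreams, so the
// XOR trick yields unrelated bytes rather than the second plaintext.
func FreshIVLeak() []byte {
	iv1 := bytes.Repeat([]byte{0x01}, aes.BlockSize)
	iv2 := bytes.Repeat([]byte{0x02}, aes.BlockSize)
	c1 := ctrEncrypt(demoKey, iv1, knownMsg)
	c2 := ctrEncrypt(demoKey, iv2, secretMsg)
	return RecoverFromReuse(c1, c2, knownMsg)
}

func main() {
	fmt.Printf("CTR, zero IV reused:    %q\n", CTRLeak())
	fmt.Printf("GCM, zero nonce reused: %q\n", GCMLeak())
	fmt.Printf("CTR, distinct IVs:      %q\n", FreshIVLeak())
}
```

The recovered bytes are exactly the first len(knownMsg) bytes of the secret message in both reuse cases, which is why the IV requirement is not a detail but the whole difference between a stream cipher and a one-time pad used twice. The fix is the one every AES-GCM reference states: a nonce that is never repeated under a given key, whether a counter the sender tracks or, for 96-bit nonces, a random value kept well under the birthday bound.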


