[Cryptography] Crypto best practices
Hanno Böck
hanno at hboeck.de
Wed Mar 15 19:02:32 EDT 2017
On Wed, 15 Mar 2017 09:15:46 -0700
"Dennis E. Hamilton" <dennis.hamilton at acm.org> wrote:
> Doesn't use of a fixed IV undermine practically any scheme?
It does, but GCM fails more catastrophically. Peter has a point there.
There's certainly room for less bad AEADs.
> One would hope that anything on use of AES-GCM would emphasize the
> security requirement concerning the IV.
TLS 1.2 basically says "implementor can choose the IV however he
likes, making sure that it doesn't repeat is his business". That's a
terrible way of doing things. And obviously some people got it wrong:
https://github.com/nonce-disrespect/nonce-disrespect
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
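An added illustration of the point in this exchange (example code, not part of the thread or of any project mentioned in it): GCM encrypts with a CTR keystream, so two messages under the same key and nonce XOR together to reveal the XOR of the plaintexts, and in GCM the repeated nonce additionally exposes the GHASH authentication key, which is why nonce reuse there is worse than in most other modes. The block below uses an HMAC-based stand-in for the AES CTR keystream (an assumption made so the example runs with the standard library only; the structural property, same key and nonce gives the same keystream, is identical) and contrasts the "implementor picks the IV" approach with a sequence-number nonce of the kind TLS 1.3 uses (static per-key IV XOR a 64-bit counter, as assumed here), where uniqueness follows from the counter and exhaustion forces a rekey.

```python
import hashlib
import hmac

# Constructed demo key and fixed nonce; not real secrets.
DEMO_KEY = b"\x00" * 16 + b"demo-key-bytes!!"  # 32 bytes
FIXED_NONCE = b"\x00" * 12                      # the "fixed IV" mistake


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in CTR keystream: block i = HMAC-SHA256(key, nonce || i).

    AES-GCM derives its keystream as AES_k(nonce || counter). Only the
    property that matters here is preserved: the same key and nonce
    always yield the same keystream bytes.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call decrypts."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))


def xor_of_plaintexts(c1: bytes, c2: bytes) -> bytes:
    """What an observer learns from two ciphertexts sharing key and nonce:
    c1 XOR c2 == p1 XOR p2 over the common prefix, no key needed."""
    return bytes(a ^ b for a, b in zip(c1, c2))


class SequenceNonce:
    """Counter-based 96-bit nonce (TLS 1.3 style, assumed here):
    nonce = static_iv XOR left-padded 64-bit sequence number.
    Never repeats under one key; exhaustion must trigger a rekey."""

    MAX_SEQ = 2**64 - 1

    def __init__(self, static_iv: bytes) -> None:
        if len(static_iv) != 12:
            raise ValueError("static IV must be 96 bits")
        self.static_iv = static_iv
        self.seq = 0

    def next(self) -> bytes:
        if self.seq > self.MAX_SEQ:
            raise RuntimeError("nonce space exhausted: rekey before sending more")
        padded = self.seq.to_bytes(12, "big")
        nonce = bytes(a ^ b for a, b in zip(self.static_iv, padded))
        self.seq += 1
        return nonce


if __name__ == "__main__":
    p1, p2 = b"attack at dawn", b"retreat at dusk"
    c1 = ctr_encrypt(DEMO_KEY, FIXED_NONCE, p1)
    c2 = ctr_encrypt(DEMO_KEY, FIXED_NONCE, p2)
    leak = xor_of_plaintexts(c1, c2)
    # With the fixed nonce, knowing p1 hands over p2 without the key.
    print(bytes(a ^ b for a, b in zip(leak, p1)))
    sn = SequenceNonce(b"\x11" * 12)
    print(sn.next().hex(), sn.next().hex())
```

The first half is the failure mode the thread describes; the second half is the shape of the fix: derive nonces from state you control (a counter bound to the key), check for exhaustion, and rekey rather than hoping a random or caller-supplied IV never collides.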