[Cryptography] Crypto best practices

Ron Garret ron at flownet.com
Thu Mar 16 21:21:10 EDT 2017


On Mar 16, 2017, at 5:37 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> Ray Dillinger <bear at sonic.net> writes:
> 
>> Stream Ciphers simply aren't worth the level of complexity risk required to
>> design with them any more, and have not been for a long time.
> 
> +1 to all of that.  It's the "RC4 all over again" thing, we have about two
> decades of experience showing that if you give J.Random coder a stream cipher
> to use for data encryption, they're probably going to get it wrong.  Even
> experts get it wrong, e.g. tarsnap (although in that case I'm not sure if the
> lesson is "stream ciphers are too dangerous to use" or "CTR mode is too
> dangerous to use").  There are far safer alternatives to stream ciphers
> around, in this case meaning "pretty much everything that isn't a stream
> cipher".

You need to go back and rethink this.  If someone takes this advice as stated they will conclude that AES in ECB mode is preferable to using the NaCl library because XSalsa20 is a stream cipher and AES is not.  I think I know what the two of you are trying to say, but if there has ever been an area of human endeavor that demands precision in the formulation of recommendations, it’s this.

rg
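The distinction being argued over above, as an added Go example that is not part of the thread: AES in ECB mode leaks that plaintext blocks repeat, while AES-CTR, a stream cipher built from the very same block cipher, does not, and the actual stream-cipher hazard is reusing a nonce under one key, which exposes the XOR of two plaintexts. It uses AES-CTR from Go's standard library in place of XSalsa20, and the key, nonce and plaintexts are constructed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo values: a fixed AES-256 key and a 16-byte CTR nonce.
var demoKey = []byte("0123456789abcdef0123456789abcdef")
var demoNonce = []byte("fixed-nonce-0001")

// ecbEncrypt: each 16-byte block is encrypted independently with no nonce,
// so identical plaintext blocks produce identical ciphertext blocks.
func ecbEncrypt(block cipher.Block, pt []byte) []byte {
	ct := make([]byte, len(pt))
	for i := 0; i+aes.BlockSize <= len(pt); i += aes.BlockSize {
		block.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct
}

// ctrEncrypt is AES-CTR, a stream cipher built from the same block cipher; a
// fresh nonce per message makes repeated plaintext blocks encrypt differently.
func ctrEncrypt(block cipher.Block, nonce, pt []byte) []byte {
	ct := make([]byte, len(pt))
	cipher.NewCTR(block, nonce).XORKeyStream(ct, pt)
	return ct
}

// leaksRepetition: does the ciphertext reveal that plaintext blocks 0 and 1 were equal?
func leaksRepetition(ct []byte) bool {
	return bytes.Equal(ct[:aes.BlockSize], ct[aes.BlockSize:2*aes.BlockSize])
}

// nonceReuseLeaks shows the stream-cipher hazard: p1 and p2 encrypted under
// the same key and nonce give c1^c2 == p1^p2, the XOR of the two plaintexts.
func nonceReuseLeaks(block cipher.Block, nonce, p1, p2 []byte) bool {
	c1, c2 := ctrEncrypt(block, nonce, p1), ctrEncrypt(block, nonce, p2)
	for i := range p1 {
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false
		}
	}
	return true
}

func main() {
	block, _ := aes.NewCipher(demoKey) // demoKey is a valid 32-byte key
	pt := bytes.Repeat([]byte("SAME 16-BYTE BLK"), 2)
	p2 := bytes.Repeat([]byte("OTHER PLAINTEXT!"), 2)
	fmt.Println("ECB leaks repetition:", leaksRepetition(ecbEncrypt(block, pt)))          // true
	fmt.Println("CTR leaks repetition:", leaksRepetition(ctrEncrypt(block, demoNonce, pt))) // false
	fmt.Println("CTR nonce reuse leaks p1^p2:", nonceReuseLeaks(block, demoNonce, pt, p2)) // true
}
```

What NaCl adds on top of the stream cipher, message authentication, is not shown here.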
