[Cryptography] Crypto best practices

Ray Dillinger bear at sonic.net
Fri Mar 17 17:03:01 EDT 2017



On 03/16/2017 05:37 PM, Peter Gutmann wrote:
> Ray Dillinger <bear at sonic.net> writes:
> 
>> Stream Ciphers simply aren't worth the level of complexity risk required to
>> design with them any more, and have not been for a long time.
> 
> +1 to all of that.  It's the "RC4 all over again" thing, we have about two
> decades of experience showing that if you give J.Random coder a stream cipher
> to use for data encryption, they're probably going to get it wrong. 

Wanna use RC4 and XOR in a secure way without IVs or cipher modes?  Use
RC4 to generate a different AES key for every block of your data.
That's actually a decent, secure cipher, and repeated plaintext blocks
won't appear as repeated ciphertext blocks.

But wait, it's four or five times as much compute power as you need to
encrypt securely by some other means, and the additional operations
present additional attack surface for side channel attacks on power
consumption, Tempest emissions, etc. So why bother?

				Bear
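An added illustration of the construction Bear describes, written for this page (not code from the thread) in Go using the standard library's crypto/rc4 and crypto/aes: the RC4 keystream supplies a fresh AES-128 key for every 16-byte block, there is no IV and no chaining mode, and the per-block key schedule is where the extra compute goes. The key and plaintext are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/rc4"
	"fmt"
)

// rc4KeyedAES encrypts (decrypt=false) or decrypts (decrypt=true) data whose
// length is a multiple of 16 bytes. Each block gets one AES block operation
// under a fresh AES-128 key drawn from the RC4 keystream, so no IV or mode is
// involved; the changing key is what keeps equal plaintext blocks distinct.
func rc4KeyedAES(rc4Key, data []byte, decrypt bool) ([]byte, error) {
	if len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("data length %d is not a multiple of %d", len(data), aes.BlockSize)
	}
	ks, err := rc4.NewCipher(rc4Key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	blockKey := make([]byte, 16)
	zero := make([]byte, 16)
	for off := 0; off < len(data); off += aes.BlockSize {
		// XORing zeros with the keystream yields the next 16 raw keystream bytes.
		ks.XORKeyStream(blockKey, zero)
		// A full AES key schedule per block: the extra compute Bear refers to.
		blk, err := aes.NewCipher(blockKey)
		if err != nil {
			return nil, err
		}
		if decrypt {
			blk.Decrypt(out[off:off+aes.BlockSize], data[off:off+aes.BlockSize])
		} else {
			blk.Encrypt(out[off:off+aes.BlockSize], data[off:off+aes.BlockSize])
		}
	}
	return out, nil
}

func main() {
	key := []byte("constructed-rc4-key")              // constructed sample key
	pt := []byte("sixteen byte blksixteen byte blk") // two identical plaintext blocks
	ct, err := rc4KeyedAES(key, pt, false)
	if err != nil {
		panic(err)
	}
	fmt.Printf("block 1: %x\nblock 2: %x\n", ct[:16], ct[16:])
}
```

Running it prints two different ciphertext blocks for the two identical plaintext blocks, which is the property the post claims.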
