[Cryptography] Crypto best practices

John-Mark Gurney jmg at funkthat.com
Fri Mar 17 18:59:20 EDT 2017


Ralf Senderek wrote this message on Wed, Mar 15, 2017 at 19:43 +0100:
> 
> 
> On Wed, 15 Mar 2017, Peter Gutmann wrote:
> 
> > AES-CTR, and by extension AES-GCM, have exactly the same problem, if you use
> > them in their most straightforward modes where you memcpy() in a fixed or all-
> > zero IV, you've got RC4 again.
> 
> In an attempt to enhance security the wise people at OpenSSH have changed
> the defaults to only accept AES-CTR and AES-GCM in addition to some stuff
> they've come up with themselves:
> 
> chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> 
> This makes it hard for a standard-compliant ssh client implementation to
> even talk to openssh servers without changing the defaults to include
> AES-CBC mode. A great idea to fuel cryptographic progress.

I'll point out that chacha20-poly1305 is also a stream cipher and
suffers similar issues.

What are the patent free, AEAD ciphers that are recommended then?

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."