[Cryptography] [FORGED] Re: Crypto best practices

Natanael natanael.l at gmail.com
Tue Mar 21 02:55:31 EDT 2017


On 21 March 2017 at 07:22, "Peter Gutmann" <pgut001 at cs.auckland.ac.nz> wrote:


It's not too hard to come up with a Rube-Goldberg mechanism that deals with
particular issues like misuse of IVs or streaming, but the problem with these
schemes is that they take the initial issue, that IVs are too confusing and
complex to deal with so people get it wrong, and make the problem ten times
worse.  The reason why RC4 was so popular is because it's incredibly simple,
it takes a key and magics plaintext in-place into ciphertext and back again
with no message expansion or other complications.  I'm not saying that you can
do the equivalent of RC4 in a sound manner, but if you've got something that
gets misused because of its complexity then the proposed replacement shouldn't
involve even more complexity.


True, but that also wasn't meant as an actual suggestion of what to do.
Only to show it *can* be done (because he assumed it could be proven
impossible). There are probably much better ways to do it in case streamable
full-message authentication would ever be necessary (I can't really see any
need for it outside of offsite FDE backups), but I'll let somebody else
figure that out. This is also why I mentioned the two later options,
because they would actually be easy to use (I assume).
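For readers of the archive: the following is an added example, not code from either poster and not the mechanism Natanael is referring to (which is not reproduced in this message). It shows one simple way to get streamable full-message authentication, the property under discussion, using only Python's standard library. Every chunk carries an HMAC-SHA256 tag chained to the previous tag and bound to a per-stream random nonce, a chunk counter and a "final" flag, which mirrors the structure of the STREAM construction (Hoang, Reyhanitabar, Rogaway, Vizár, 2015) but with a MAC instead of a per-chunk AEAD, so it authenticates only and does not encrypt. The receiver can release each chunk as soon as its tag verifies, yet still detects truncation, reordering, replay and tampering. The function and class names, the nonce and tag sizes, and the sample key and chunks are all assumptions made for the illustration.

```python
"""Streamable full-message authentication with chained per-chunk tags.

tag_i = HMAC-SHA256(key, nonce || i || final || tag_{i-1} || chunk_i)

The chain plus the counter lets the receiver hand chunk i to the application
as soon as tag_i verifies, while a missing final chunk (truncation), a
counter mismatch (reorder / drop / replay) or a bad tag (tampering) is caught.
The caller only ever supplies one nonce per stream; per-chunk IV handling,
the usual source of misuse, is done inside the scheme.

Added illustration; names, sizes and sample data are assumptions.
"""
import hashlib
import hmac
import os
import struct

TAG_LEN = 32    # HMAC-SHA256 digest size
NONCE_LEN = 16  # per-stream random nonce, assumed size


def _chunk_tag(key, nonce, counter, final, prev_tag, chunk):
    """Bind nonce, chunk index, final flag, previous tag and chunk data."""
    header = nonce + struct.pack(">QB", counter, 1 if final else 0)
    return hmac.new(key, header + prev_tag + chunk, hashlib.sha256).digest()


def seal_stream(key, chunks, nonce=None):
    """Return (nonce, [(counter, final, chunk, tag), ...]) for a list of chunks.

    A fresh random nonce is drawn unless one is supplied (tests pass a fixed
    one). An empty stream is sent as a single empty final chunk so that the
    receiver can still tell a complete stream from a truncated one.
    """
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    chunks = list(chunks) or [b""]
    prev = bytes(TAG_LEN)
    records = []
    for i, chunk in enumerate(chunks):
        final = i == len(chunks) - 1
        tag = _chunk_tag(key, nonce, i, final, prev, chunk)
        records.append((i, final, chunk, tag))
        prev = tag
    return nonce, records


class StreamVerifier:
    """Verify records one at a time; raises ValueError on any inconsistency."""

    def __init__(self, key, nonce):
        self.key, self.nonce = key, nonce
        self.expected = 0           # counter the next record must carry
        self.prev = bytes(TAG_LEN)  # tag of the previously accepted chunk
        self.finished = False       # set once the final chunk verified

    def feed(self, counter, final, chunk, tag):
        if self.finished:
            raise ValueError("data after final chunk")
        if counter != self.expected:
            raise ValueError("chunk reordered, dropped or replayed")
        want = _chunk_tag(self.key, self.nonce, counter, final, self.prev, chunk)
        if not hmac.compare_digest(want, tag):
            raise ValueError("tag mismatch")
        self.expected += 1
        self.prev = tag
        if final:
            self.finished = True
        return chunk  # safe to release to the application at this point


def verify_stream(key, nonce, records):
    """Non-streaming convenience wrapper.

    Returns the concatenated chunks, or None if the stream was truncated,
    reordered, replayed or tampered with.
    """
    verifier = StreamVerifier(key, nonce)
    out = bytearray()
    try:
        for record in records:
            out += verifier.feed(*record)
    except ValueError:
        return None
    return bytes(out) if verifier.finished else None


if __name__ == "__main__":
    # Constructed sample key and data for the demonstration only.
    key = hashlib.sha256(b"demo key, not for real use").digest()
    data = [b"chunk-0 ", b"chunk-1 ", b"chunk-2"]
    nonce, recs = seal_stream(key, data)
    assert verify_stream(key, nonce, recs) == b"".join(data)
    assert verify_stream(key, nonce, recs[:-1]) is None                   # truncated
    assert verify_stream(key, nonce, [recs[0], recs[2], recs[1]]) is None  # reordered
    print("streamable authentication checks passed")
```

The point the example makes against Gutmann's objection is where the complexity lives: the sender picks one nonce and the receiver keeps one counter and one previous tag, which is about as much state as a stream cipher, while the chained final flag is what turns per-chunk checks into authentication of the whole message.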