[Cryptography] Severe flaw in all generality : key or nonce reuse

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Oct 19 19:24:08 EDT 2017


John Denker via cryptography <cryptography at metzdowd.com> writes:

>There's a reason why WPA2 doesn't use CBC or anything like that.

And what is that reason?  The standard just says "An implementation of MAC
Security that claims full conformance to this standard shall implement the
mandatory Cipher Suites [...] GCM-AES-128", no rationale is given.  AFAIK the
reason why GCM was used was because it was trendy, any other encrypt+MAC
mechanism would have done just as well.

Peter.

