[Cryptography] AES GCM insecure vs OCB1/OCB3 ??
John-Mark Gurney
jmg at funkthat.com
Tue Feb 16 18:58:31 EST 2021
Paul Wouters wrote this message on Tue, Feb 16, 2021 at 14:37 -0500:
> On Sat, 13 Feb 2021, Jon Callas wrote:
>
> > Use OCB. It's faster and more secure than GCM. It's also now free of all patent issues. I talked to Phil Rogaway about it earlier in the year
>
> It would be useful if Rogaway could make a public statement somewhere on
> this, because as far as I can see, it is still not allowed for IKE/IPsec
> based on the latest public information I have.
Looks like it's free for any open source and non-military use:
https://www.cs.ucdavis.edu/~rogaway/ocb/license.htm
Or you use OpenSSL for millitary use to get around License 2's
restrictions..
> side note: with ghash in hardware, is OCB still faster than GCM?
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the cryptography
mailing list