[Cryptography] AES GCM insecure vs OCB1/OCB3 ??
joachim at strombergson.com
Thu Feb 18 09:28:07 EST 2021
John-Mark Gurney wrote on 2021-02-17 00:58:
> Paul Wouters wrote this message on Tue, Feb 16, 2021 at 14:37 -0500:
>> On Sat, 13 Feb 2021, Jon Callas wrote:
>>> Use OCB. It's faster and more secure than GCM. It's also now free of all patent issues. I talked to Phil Rogaway about it earlier in the year
>> It would be useful if Rogaway could make a public statement somewhere on
>> this, because as far as I can see, it is still not allowed for IKE/IPsec
>> based on the latest public information I have.
> Looks like it's free for any open source and non-military use:
No, it is free for any open source _software_. I have implemented it as
an open hardware implementation intended to be released as such. I have
tried to get a response from Rogaway if his license includes hardware.
But so far no response.
Med vänlig hälsning, Yours
More information about the cryptography