[Cryptography] AES GCM insecure vs OCB1/OCB3 ??

Joachim Strömbergson joachim at strombergson.com
Thu Feb 18 09:28:07 EST 2021


John-Mark Gurney wrote on 2021-02-17 00:58:
> Paul Wouters wrote this message on Tue, Feb 16, 2021 at 14:37 -0500:
>> On Sat, 13 Feb 2021, Jon Callas wrote:
>>> Use OCB. It's faster and more secure than GCM. It's also now free of all patent issues. I talked to Phil Rogaway about it earlier in the year
>> It would be useful if Rogaway could make a public statement somewhere on
>> this, because as far as I can see, it is still not allowed for IKE/IPsec
>> based on the latest public information I have.
> Looks like it's free for any open source and non-military use:
> https://www.cs.ucdavis.edu/~rogaway/ocb/license.htm

No, it is free for any open source _software_. I have implemented it as
an open hardware implementation intended to be released as such. I have
tried to get a response from Rogaway if his license includes hardware.
But so far no response.

Med vänlig hälsning, Yours

Joachim Strömbergson
                               Assured AB

More information about the cryptography mailing list