[Cryptography] block size / block cipher versus stream cipher

[jrzx]

On Monday, March 29, 2021 6:11 PM, Phillip Hallam-Baker <phill at hallambaker.com> wrote:

> Not for these use cases. And some of the devices may not have public key available.
> In the longer term, I want to be able to keep a symmetric key session going Kerberos style forever if need be.

Building an identity system on long lived shared secrets seems like a bad idea, particularly as elite trust and trustworthiness is in long term decline, as for example the crisis of distrust in accountants and accounting that led to SoX.

Recommended practice on shared secrets in the Libsodium documentation is to keep them in locked memory so that they don't get stored to disk, and replace those shared secrets on every reasonable occasion to do so.

And it seems to me that change in network address is such an occasion - that you should not be keeping shared secrets around through an event that might correspond them no longer being in the control of a single client. Maybe the network address changed because of physical events at the client end.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210331/ffe738a4/attachment.htm>