[Cryptography] block size / block cipher versus stream cipher

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Mar 31 22:33:07 EDT 2021


Phillip Hallam-Baker <phill at hallambaker.com> writes:

>The whole point of this project is to question existing assumptions and see
>what happens when we reject notions that are widely held but based on 1970s
>thinking. Thirty years of experience tells me that key rotation requirements
>are far more often a cause of failure than prevent an attack.

In more succinct form, "defend against the problem you actually have, not
against the problem the textbook tells you you have".  I practically need that
as a running heading in my book, about 60% of everything done in crypto is
defending against imaginary problems from textbooks, 30% is making assorted
fashion statements, and 10% is doing stuff that will actually slow down an
attacker [0].  Mostly in integrity protection/authorisation, rarely in
confidentiality.

>>Recommended practice on shared secrets in the Libsodium documentation is to
>>keep them in locked memory so that they don't get stored to disk, and
>>replace those shared secrets on every reasonable occasion to do so.
>
>That might be appropriate for some devices.

Yup.  For one thing it blindly assumes that there is a disk, and that the
hardware supports paging memory to it.  Then it assumes the keys-fall-from-
the-sky model of key management, where you just wave a magic wand and all your
keys get replaced.  Defend against the problem you actually have [1], not
against the problem the textbook tells you you have.

Peter.

[0] That 10% may be an overestimate, and the fashion statements one an
    underestimate.
[1] With a possible addition of "using the resources you have".