[Cryptography] block size / block cipher versus stream cipher
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Mar 31 22:33:07 EDT 2021
Phillip Hallam-Baker <phill at hallambaker.com> writes:
>The whole point of this project is to question existing assumptions and see
>what happens when we reject notions that are widely held but based on 197s
>thinking. Thirty years of experience tells me that key rotation requirements
>are far more often a cause of failure than prevent an attack.
In more succinct form, "defend against the problem you actually have, not
against the problem the textbook tells you you have". I practically need that
as a running heading in my book, about 60% of everything done in crypto is
defending against imaginary problems from textbooks, 30% is making assorted
fashion statements, and 10% is doing stuff that will actually slow down an
attacker [0]. Mostly in integrity protection/authorisation, rarely in
confidentiality.
>>Recommended practice on shared secrets in the Libsodium documentation is to
>>keep them in locked memory so that they don't get stored to disk, and
>>replace those shared secrets on every reasonable occasion to do so.
>
>That might be appropriate for some devices.
Yup. For one thing it blindly assumes that there is a disk, and that the
hardware supports paging memory to it. Then it assumes the keys-fall-from-
the-sky model of key management, where you just wave a magic wand and all your
keys get replaced. Defend against the problem you actually have [1], not
against the problem the textbook tells you you have.
Peter.
[0] That 10% may be an overestimate, and the fashion statements one an
underestimate.
[1] With a possible addition of "using the resources you have".
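As an added illustration of the locked-memory advice and the caveat raised against it (this is not code from the thread, from Peter, or from libsodium, and it uses the raw POSIX mlock()/munlock() calls rather than libsodium's wrappers): a key buffer that pins itself in RAM if it can, but records rather than hides the case where the platform says no (RLIMIT_MEMLOCK exhausted, an unprivileged container, or no paging at all), and a Linux-only probe of /proc/swaps so the caller can check whether "keys get written to disk" is even a problem on this machine. Names, structure and the 0xA5 stand-in key are my own constructions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* A key buffer that records whether pinning it in RAM actually worked. */
typedef struct {
    unsigned char *buf;
    size_t len;        /* allocation size, rounded up to whole pages */
    int locked;        /* 1 if mlock() succeeded, 0 if it did not */
    int lock_errno;    /* errno from a failed mlock(), 0 otherwise */
} key_buf;

/* Wipe through a volatile pointer so the compiler cannot drop the stores
 * as dead writes ahead of free(). */
static void secure_zero(unsigned char *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

/* Returns 1 if the kernel lists at least one swap area, 0 if none, and -1
 * if this cannot be determined (no /proc/swaps: non-Linux or a restricted
 * /proc). Linux-specific by design; elsewhere the honest answer is "unknown". */
int swap_is_configured(void) {
    FILE *f = fopen("/proc/swaps", "r");
    if (!f) return -1;
    char line[512];
    int entries = 0;
    if (fgets(line, sizeof line, f)) {          /* skip the header line */
        while (fgets(line, sizeof line, f)) entries++;
    }
    fclose(f);
    return entries > 0;
}

/* Allocate a page-aligned buffer for key_len bytes and try to pin it.
 * A failed mlock() is recorded, not treated as fatal: the caller decides
 * whether swapping is a real risk here. Returns 0 on success, -1 only if
 * the allocation itself failed. */
int key_buf_alloc(key_buf *kb, size_t key_len) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) page = 4096;
    size_t pg = (size_t)page;
    size_t len = ((key_len + pg - 1) / pg) * pg;
    void *p = NULL;
    if (posix_memalign(&p, pg, len) != 0) return -1;
    memset(p, 0, len);
    kb->buf = p;
    kb->len = len;
    kb->locked = 0;
    kb->lock_errno = 0;
    if (mlock(p, len) == 0) {
        kb->locked = 1;
    } else {
        /* Typical causes: ENOMEM (RLIMIT_MEMLOCK exhausted), EPERM
         * (unprivileged in a restricted container), ENOSYS (no paging). */
        kb->lock_errno = errno;
    }
    return 0;
}

/* Overwrite the key material in place; the buffer stays allocated. */
void key_buf_wipe(key_buf *kb) {
    if (kb->buf) secure_zero(kb->buf, kb->len);
}

/* Wipe, unpin and release. */
void key_buf_free(key_buf *kb) {
    if (!kb->buf) return;
    key_buf_wipe(kb);
    if (kb->locked) munlock(kb->buf, kb->len);
    free(kb->buf);
    kb->buf = NULL;
    kb->len = 0;
    kb->locked = 0;
}

/* 1 if every byte of the buffer is zero, 0 otherwise. */
int key_buf_is_zero(const key_buf *kb) {
    for (size_t i = 0; i < kb->len; i++)
        if (kb->buf[i] != 0) return 0;
    return 1;
}

int main(void) {
    key_buf kb;
    if (key_buf_alloc(&kb, 32) != 0) return 1;
    memset(kb.buf, 0xA5, 32);                 /* constructed stand-in for a key */
    printf("mlock: %s (errno %d), swap configured: %d\n",
           kb.locked ? "ok" : "failed", kb.lock_errno, swap_is_configured());
    key_buf_free(&kb);
    return 0;
}
```

The point of recording lock_errno instead of aborting is exactly the one made above: on a box with no swap, or one whose hardware never pages, a failed mlock() changes nothing about the real threat, whereas treating it as fatal turns textbook advice into an availability failure. Note that mlock() also says nothing about hibernation images, core dumps, or copies the compiler or a library made of the key elsewhere, so it is one mitigation for one specific problem, not "the key never reaches disk".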