On Mon, Sep 16, 2013 at 12:44 PM, Bill Frantz fra...@pwpconsult.com wrote:
Symmetric encryption:
Two algorithms give security equal to the best of them. Three
protect against meet-in-the-middle attacks. Performing the
multiple encryption at the block level allows block cyphers to
be
Tony Arcieri basc...@gmail.com writes:
On Mon, Sep 16, 2013 at 9:44 AM, Bill Frantz fra...@pwpconsult.com wrote:
After Rijndael was selected as AES, someone suggested the really paranoid
should super encrypt with all 5 finalests in the competition. Five level
super encryption is probably
Hi Bill,
On 17/09/13 01:20 AM, Bill Frantz wrote:
The idea is that when serious problems are discovered with one
algorithm, you don't have to scramble to replace the entire crypto
suite. The other algorithm will cover your tail while you make an
orderly upgrade to your system.
Obviously you
On 17/09/13 01:40 AM, Tony Arcieri wrote:
On Mon, Sep 16, 2013 at 9:44 AM, Bill Frantz fra...@pwpconsult.com
mailto:fra...@pwpconsult.com wrote:
After Rijndael was selected as AES, someone suggested the really
paranoid should super encrypt with all 5 finalests in the
competition.
On Sep 17, 2013, at 5:49 AM, ianG i...@iang.org wrote:
I wish there was a term for this sort of design in encryption systems
beyond just defense in depth. AFAICT there is not such a term.
How about the Failsafe Principle? ;)
A good question. In my work, I've generally modelled it such
On Mon, 16 Sep 2013 17:47:11 -0700 Bill Frantz
fra...@pwpconsult.com wrote:
Authentication is achieved by signing the entire exchange with
DSA. -- Change the protocol to sign the exchange with both RSA
and DSA and send and check both signatures.
Remember to generate the nonce for DSA using
On 2013-09-17 07:37, Peter Gutmann wrote:
Tony Arcieri basc...@gmail.com writes:
On Mon, Sep 16, 2013 at 9:44 AM, Bill Frantz fra...@pwpconsult.com wrote:
After Rijndael was selected as AES, someone suggested the really paranoid
should super encrypt with all 5 finalests [...].
I wish there
On 9/17/13 at 2:48 AM, i...@iang.org (ianG) wrote:
The problem with adding multiple algorithms is that you are also adding
complexity. ...
Both Perry and Ian point out:
And, as we know, the algorithms rarely fail. [but systems do] ...
Absolutely! The techniques I suggested used the
On Sep 17, 2013, at 11:41 AM, Perry E. Metzger pe...@piermont.com wrote:
I confess I'm not sure what the current state of research is on MAC
then Encrypt vs. Encrypt then MAC -- you may want to check on that.
Encrypt then MAC has a couple of big advantages centering around the idea that
you
On Sep 17, 2013, at 6:21 PM, John Kelsey crypto@gmail.com wrote:
I confess I'm not sure what the current state of research is on MAC
then Encrypt vs. Encrypt then MAC -- you may want to check on that.
Encrypt then MAC has a couple of big advantages centering around the idea
that you
On Sep 17, 2013, at 7:18 PM, Jerry Leichter wrote:
On Sep 17, 2013, at 6:21 PM, John Kelsey crypto@gmail.com wrote:
I confess I'm not sure what the current state of research is on MAC
then Encrypt vs. Encrypt then MAC -- you may want to check on that.
Encrypt then MAC has a couple of
On 9/17/13 at 4:18 PM, leich...@lrw.com (Jerry Leichter) wrote:
MAC'ing the actual data always seemed more logical to me, but
once you look at the actual situation, it no longer seems like
the right thing to do.
When I chose MAC then encrypt I was using the MAC to check the
crypto code. CRC
For hash functions, MACs, and signature schemes, simply concatenating
hashes/MACs/signatures gives you at least the security of the stronger one.
Joux multicollisions simply tell us that concatenating two or more hashes of
the same size doesn't improve their resistance to brute force collsion
Arggh! Of course, this superencryption wouldn't help against the CBC padding
attacks, because the attacker would learn plaintext without bothering with the
other layers of encryption. The only way to solve that is to preprocess the
plaintext in some way that takes the attacker's power to
After Rijndael was selected as AES, someone suggested the really
paranoid should super encrypt with all 5 finalests in the
competition. Five level super encryption is probably overkill,
but two or three levels can offer some real advantages. So
consider simple combinations of techniques which
On 9/16/13 at 12:36 PM, leich...@lrw.com (Jerry Leichter) wrote:
On Sep 16, 2013, at 12:44 PM, Bill Frantz fra...@pwpconsult.com wrote:
After Rijndael was selected as AES, someone suggested the really paranoid
should super encrypt with
all 5 finalests in the competition. Five level super
On Mon, Sep 16, 2013 at 9:44 AM, Bill Frantz fra...@pwpconsult.com wrote:
After Rijndael was selected as AES, someone suggested the really paranoid
should super encrypt with all 5 finalests in the competition. Five level
super encryption is probably overkill, but two or three levels can offer
On Sep 16, 2013, at 6:20 PM, Bill Frantz wrote:
Joux's paper Multicollisions in iterated hash functions
http://www.iacr.org/archive/crypto2004/31520306/multicollisions.ps
shows that finding ... r-tuples of messages that all hash to the same value
is not much harder than finding ... pairs of
On Mon, Sep 16, 2013 at 4:02 PM, Jerry Leichter leich...@lrw.com wrote:
On Sep 16, 2013, at 6:20 PM, Bill Frantz wrote:
Joux's paper Multicollisions in iterated hash functions
http://www.iacr.org/archive/crypto2004/31520306/multicollisions.ps
shows that finding ... r-tuples of messages that all
On 9/16/13 at 4:02 PM, leich...@lrw.com (Jerry Leichter) wrote:
The feeling these days among those who do such work is that
unless you're going to use a specialized combined encryption
and authentication mode, you might as well use counter mode
(with, of course, required authentication). For
20 matches
Mail list logo
