On Sep 9, 2013, at 9:10 PM, Tony Arcieri <basc...@gmail.com> wrote:
> On Mon, Sep 9, 2013 at 9:29 AM, Ben Laurie <b...@links.org> wrote:
>> And the brief summary is: there's only one ciphersuite left that's good, and
>> unfortunately its only available in TLS 1.2:
>>
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>
> A lot of people don't like GCM either ;)
Yes, GCM does have implementation sensitivities particularly around the IV
generation. That being said, the algorithm is better than most and the
implementation sensitivity obvious (don't ever reuse an IV).
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
