On 03.11.2015 at 02:43, Jeffrey Walton wrote:
>> Does anything break by extending CryptoPP::GCM by a resynchronize
>> method which does not change the iv, like:
>>
>> // Derived GCM encryptor that resets the mode to the "IV set" state
>> // without supplying a new IV. m_state is the protected state member of
>> // Crypto++'s AuthenticatedSymmetricCipherBase. Note that declaring
>> // Resynchronize() here hides the inherited Resynchronize(iv, length)
>> // overload unless it is brought back with a using-declaration.
>> class CtrNonceGCMEncryption : public CryptoPP::GCM<CryptoPP::AES>::Encryption {
>> public:
>>     void Resynchronize() { m_state = State_IVSet; }
>> };
>>
>> and using this method instead (as well as in Decryption)? This
>> would save on random nonce generation and transmission.
>
> Sorry to dig up an old thread....
>
> There _can_ be another small risk when using GCM mode. I learned about
> it when researching non-constant time increment functions. For
> information on it, see "Should Increment functions be near-constant
> time?", http://crypto.stackexchange.com/q/30261/10496.
>
> I looked at the library's GCM code, and we might want to place a
> mitigation.

I'm definitely voting for a mitigation. We're a crypto library and thereby can't tolerate (potential) security issues, especially if they are related to GCM - the most advertised mode.
The how of the mitigation is a more difficult question though. I'm currently running tests concerning poncho's proposal using an extensive configuration and expect results the next day. I'll report back once I know the implied overhead.

BR
JPM

> Jeff
>
> --
> You received this message because you are subscribed to the "Crypto++ Users" Google Group.
> To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com.
> More information about Crypto++ and this group is available at http://www.cryptopp.com.
> ---
> You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
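The two counter operations the thread touches, as an added C example that is not Crypto++ code and not written by any of the posters: the `inc32` step that advances GCM's internal 16-byte counter block (defined in NIST SP 800-38D as incrementing the rightmost 32 bits modulo 2^32), shown once with an early-exit loop whose running time depends on how far the carry propagates and once in a form that does the same work for every input, and the deterministic IV construction from the same document (a fixed field followed by a per-message invocation counter), which is the way to get a fresh 96-bit IV for every message without random generation and without sending anything beyond a message number. All function and type names are this example's own; the fixed-field bytes in the self-checks are constructed values.

```c
/* Added example, not Crypto++ code. Models two counter operations from the
 * GCM specification (NIST SP 800-38D): inc32 on the counter block, and the
 * deterministic IV construction fixed(32 bits) || invocation(64 bits). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

#define GCM_BLOCK  16
#define GCM_IV_LEN 12

/* Read / write the low 32 bits (big-endian) of a counter block. */
void gcm_ctr_set_low32(uint8_t ctr[GCM_BLOCK], uint32_t v)
{
    ctr[12] = (uint8_t)(v >> 24); ctr[13] = (uint8_t)(v >> 16);
    ctr[14] = (uint8_t)(v >> 8);  ctr[15] = (uint8_t)v;
}
uint32_t gcm_ctr_low32(const uint8_t ctr[GCM_BLOCK])
{
    return ((uint32_t)ctr[12] << 24) | ((uint32_t)ctr[13] << 16)
         | ((uint32_t)ctr[14] << 8)  |  (uint32_t)ctr[15];
}

/* inc32, early-exit form: stops as soon as a byte does not wrap, so the
 * number of iterations (and the timing) depends on the counter value. */
void gcm_inc32_branchy(uint8_t ctr[GCM_BLOCK])
{
    for (int i = GCM_BLOCK - 1; i >= GCM_BLOCK - 4; i--) {
        if (++ctr[i] != 0) break;   /* exits early unless this byte wrapped */
    }
}

/* inc32, uniform form: always visits all four bytes and derives the carry
 * arithmetically, with no data-dependent branch. The upper 12 bytes (the
 * IV-derived part of the block) are never touched, exactly as in inc32. */
void gcm_inc32_ct(uint8_t ctr[GCM_BLOCK])
{
    uint32_t carry = 1;
    for (int i = GCM_BLOCK - 1; i >= GCM_BLOCK - 4; i--) {
        uint32_t sum = (uint32_t)ctr[i] + carry;
        ctr[i] = (uint8_t)sum;
        carry = sum >> 8;           /* 1 iff the byte wrapped */
    }
}

/* Self-check: both forms must agree over a run that crosses the 32-bit wrap. */
bool gcm_inc32_agree(uint32_t start, int steps)
{
    uint8_t a[GCM_BLOCK], b[GCM_BLOCK];
    memset(a, 0x5A, GCM_BLOCK);         /* constructed IV-derived prefix */
    gcm_ctr_set_low32(a, start);
    memcpy(b, a, GCM_BLOCK);
    for (int s = 0; s < steps; s++) {
        gcm_inc32_branchy(a);
        gcm_inc32_ct(b);
        if (memcmp(a, b, GCM_BLOCK) != 0) return false;
    }
    return true;
}

/* Self-check: wrapping 0xFFFFFFFF to 0 must leave the upper 12 bytes intact. */
bool gcm_inc32_wrap_ok(void)
{
    uint8_t ctr[GCM_BLOCK], upper[12];
    memset(ctr, 0xAB, GCM_BLOCK);
    memset(upper, 0xAB, sizeof upper);
    gcm_ctr_set_low32(ctr, 0xFFFFFFFFu);
    gcm_inc32_ct(ctr);
    return gcm_ctr_low32(ctr) == 0 && memcmp(ctr, upper, sizeof upper) == 0;
}

/* Deterministic IV state: one context per (key, fixed field). The invocation
 * counter is never reused under the same key, so no random IV and no IV
 * transmission are needed; the receiver rebuilds the IV from the message number. */
typedef struct {
    uint8_t  fixed[4];   /* identifies this sender or device */
    uint64_t next;       /* next invocation number */
    bool     exhausted;  /* set once the counter space is used up */
} gcm_iv_ctx;

/* Writes iv = fixed || next (big-endian). Returns false and writes nothing
 * once the counter is exhausted: the caller must rekey, never wrap around. */
bool gcm_next_iv(gcm_iv_ctx *ctx, uint8_t iv[GCM_IV_LEN])
{
    if (ctx->exhausted) return false;
    memcpy(iv, ctx->fixed, 4);
    for (int i = 0; i < 8; i++)
        iv[4 + i] = (uint8_t)(ctx->next >> (8 * (7 - i)));
    if (ctx->next == UINT64_MAX) ctx->exhausted = true;
    else ctx->next++;
    return true;
}

/* Self-check: consecutive IVs differ only in the invocation field. */
bool gcm_iv_sequence_ok(void)
{
    gcm_iv_ctx ctx = { {0xDE, 0xAD, 0xBE, 0xEF}, 0, false };  /* constructed fixed field */
    uint8_t iv1[GCM_IV_LEN], iv2[GCM_IV_LEN];
    if (!gcm_next_iv(&ctx, iv1) || !gcm_next_iv(&ctx, iv2)) return false;
    return memcmp(iv1, iv2, 11) == 0 && iv1[11] == 0 && iv2[11] == 1;
}

/* Self-check: the last IV is issued, then further requests are refused. */
bool gcm_iv_exhaustion_ok(void)
{
    gcm_iv_ctx ctx = { {0, 0, 0, 0}, UINT64_MAX, false };
    uint8_t iv[GCM_IV_LEN];
    return gcm_next_iv(&ctx, iv) && iv[4] == 0xFF && iv[11] == 0xFF
        && !gcm_next_iv(&ctx, iv);
}
```

The uniform `inc32` is the shape a mitigation for the quoted timing concern takes: its cost is fixed at four byte additions per increment regardless of the counter value. The IV context shows what the quoted `Resynchronize()` proposal was after (no random IV per message, nothing extra on the wire) while guaranteeing that the same (key, IV) pair is never used for two messages, which is the property GCM's security rests on.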