On Thu, Oct 7, 2021 at 3:31 PM Ashwin Agrawal <ashwins...@gmail.com> wrote:
> Not at all knowledgeable on security topics (bravely using terms and
> recommendation), can we approach decisions like AES-XTS vs AES-GCM (which in
> turn decides whether we need to store nonce or not) based on which compliance
> it can achieve or not. Like can using AES-XTS make it FIPS 140-2 compliant or
> not?

To the best of my knowledge, the encryption mode doesn't have much to do with whether such compliance can be achieved. The encryption algorithm could matter, but I assume everyone still thinks AES is acceptable. (We should assume that will eventually change.) The encryption mode is, at least as I understand, more of an internal thing that you have to get right to avoid having people break your encryption and write papers about how they did it.

--
Robert Haas
EDB: http://www.enterprisedb.com