Hi all,
I was referred to this site by a former colleague who thought this
is something that someone with professional cryptanalysis experience should
comment on. Also, I apologize in advance for the length of this
post (especially since it's my first one). Just trying to be thorough.
I have been
Advice: if you're creating something for general-purpose use, at a minimum
make sure it provides authentication, integrity, *and* confidentiality.
A reasonable choice might be Encrypt-then-Authenticate where you first
encrypt with AES-CBC, then append an AES-CMAC message authentication
code on the c
On Sep 15, 2009, at 4:12 PM, James A. Donald wrote:
The ideas used in Tahoe are useful tools that can be used to solve
important problems.
Yes, and I'd be happy to opine on that as soon as someone told me what
those important problems are.
--
Ivan Krstić | http://radian.org
On Wednesday, 2009-09-16, at 14:44, Ivan Krstić wrote:
Yes, and I'd be happy to opine on that as soon as someone told me
what those important problems are.
The message that you quoted from Brian Warner, which ended with him
wondering aloud what new applications could be enabled by such
fe
--
From: "Kevin W. Wall"
Subject: Detecting attempts to decrypt with incorrect secret key in OWASP
ESAPI
The new default for the new encryption / decryption methods is to be
128-bit AES/CBC/PKCS5Padding and use of a random IV.
That's a good s
I don't exactly follow the argument for using CCM mode instead of
AES-CBC encryption followed by AES-CMAC, and I'm not familiar with
the political/perception arguments (who complains about the latter?),
but whatever. It's hardly worth arguing over. The cryptographic mode
of operation is unlikely to
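The Encrypt-then-Authenticate construction recommended earlier in the thread (AES-CBC with a random IV, then a MAC over the ciphertext) is the mechanism that answers the subject line: with a MAC in place, a decrypt attempt under the wrong key fails the tag check before the ciphertext or its padding is ever examined. The following is an added illustration in Go and is not code from this thread or from OWASP ESAPI. It substitutes HMAC-SHA256 for AES-CMAC (Go's standard library has no CMAC; the thread itself notes HMAC as an interchangeable choice), and it splits one master secret into separate encryption and MAC keys with a simple labelled HMAC derivation, which is an assumption made for the example rather than a standard KDF.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// ErrAuth is the only error a caller sees for a wrong key or a modified
// ciphertext; padding and block-structure errors are never reachable from
// unauthenticated input.
var ErrAuth = errors.New("authentication failed: wrong key or modified ciphertext")

// deriveKeys splits one master secret into an AES-128 key and an HMAC key.
// Assumption for this example: a labelled HMAC-SHA256 split, not a standard KDF.
func deriveKeys(master []byte) (encKey, macKey []byte) {
	h := hmac.New(sha256.New, master)
	h.Write([]byte("enc"))
	encKey = h.Sum(nil)[:16]
	h.Reset()
	h.Write([]byte("mac"))
	macKey = h.Sum(nil)
	return encKey, macKey
}

// pad appends PKCS#5/#7 padding up to a full block boundary.
func pad(b []byte, bs int) []byte {
	n := bs - len(b)%bs
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// unpad strips PKCS#5/#7 padding; it is only reached after the MAC verified.
func unpad(b []byte, bs int) ([]byte, error) {
	if len(b) == 0 || len(b)%bs != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > bs || n > len(b) {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Encrypt: AES-128-CBC under a fresh random IV, then HMAC-SHA256 over
// IV||ciphertext (Encrypt-then-Authenticate). Output: IV || ciphertext || tag.
func Encrypt(master, plaintext []byte) ([]byte, error) {
	encKey, macKey := deriveKeys(master)
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	padded := pad(plaintext, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	out := append(iv, ct...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(out)
	return mac.Sum(out), nil
}

// Decrypt checks the tag first, in constant time, and only then runs CBC and
// the padding check, so a wrong master key is reported as ErrAuth.
func Decrypt(master, msg []byte) ([]byte, error) {
	encKey, macKey := deriveKeys(master)
	if len(msg) < 2*aes.BlockSize+sha256.Size {
		return nil, ErrAuth
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, ErrAuth
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return unpad(pt, aes.BlockSize)
}

func main() {
	// Constructed demo secrets; real ones come from a CSPRNG or a key store.
	good := []byte("example master secret")
	msg, _ := Encrypt(good, []byte("hello, ESAPI"))
	_, err := Decrypt([]byte("wrong master secret"), msg)
	fmt.Println("wrong key:", err)
	pt, err := Decrypt(good, msg)
	fmt.Printf("right key: %q %v\n", pt, err)
}
```

The ordering inside Decrypt is the whole point: because the tag covers the IV and every ciphertext byte, a wrong key, a flipped bit, or a truncated message all produce the same ErrAuth, and the padding check never runs on data that has not been authenticated.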
--
From: "David Wagner"
Sent: Wednesday, September 16, 2009 5:19 PM
To:
Subject: Re: Detecting attempts to decrypt with incorrect secret key in
OWASP ESAPI
I don't exactly follow the argument for using CCM mode instead of
AES-CBC encryption foll
David Wagner writes:
>(You could replace AES-CMAC with SHA1-HMAC, but why would you want to?)
The answer to that depends on whether you need to support an existing base of
crypto software and hardware. Even though (in this case) it's a new standard,
it still requires support from the underlying