Re: [Cryptography] Availability of plaintext/ciphertext pairs (was Re: In the face of "cooperative" end-points, PFS doesn't help)

2013-09-11 Thread Nemo
eated as a sequence of blocks, not bytes) is > itself a valid CBC encryption. Yes, obviously... which is why I wrote "I am particularly thinking of CTR mode and its relatives". It's a pity OCB mode is patented. - Nemo ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] Summary of the discussion so far

2013-09-11 Thread Nemo
tions... unless you used PFS. - Nemo

Re: [Cryptography] Availability of plaintext/ciphertext pairs (was Re: In the face of "cooperative" end-points, PFS doesn't help)

2013-09-11 Thread Nemo
t is that if the IV can be kept confidential cheaply, why not? (I am particularly thinking of CTR mode and its relatives.) - Nemo

Re: [Cryptography] Availability of plaintext/ciphertext pairs (was Re: In the face of "cooperative" end-points, PFS doesn't help)

2013-09-11 Thread Nemo
se NSA's math skills are scary. In my opinion, it is virtually certain NSA knows something about integer factoring and/or integer discrete log and/or elliptic curves that we do not. So I would build in some margin. I would start with 3072 bits for RSA/DH and 384 bits for ECC and only

[Cryptography] Availability of plaintext/ciphertext pairs (was Re: In the face of "cooperative" end-points, PFS doesn't help)

2013-09-10 Thread Nemo
o stir extra entropy into the encryption. It does nothing for any security proofs, since those assume perfectly secure block ciphers... But it might make somebody's job just a little bit harder in practice. And since it would cost nothing, why not? - Nemo

[Cryptography] Seed values for NIST curves

2013-09-09 Thread Nemo
seeds for the NIST curves, and how do they claim those seeds were chosen, exactly? - Nemo