Re: [cryptography] Combined cipher modes

2012-04-11 Thread Jeffrey Walton
On Wed, Apr 11, 2012 at 1:22 AM, Kevin W. Wall kevin.w.w...@gmail.com wrote: On Tue, Apr 3, 2012 at 9:35 AM, ianG i...@iang.org wrote: [Big SNIP] The big risk in having CCs or banking info stolen is the subsequent (usually class action) lawsuits that usually follow. So these things are

Re: [cryptography] Combined cipher modes

2012-04-03 Thread coderman
On Tue, Apr 3, 2012 at 6:35 AM, ianG i...@iang.org wrote: ... To tip my hand here somewhat I'm thinking of GCM. (Digression.)  Now, this thread was useful to me because I started reading up on new modes and so forth, and combined that with my past experiences.  What I wanted was a fast AES

Re: [cryptography] Combined cipher modes

2012-04-03 Thread Wyss, Felix
-Original Message- From: coderman [mailto:coder...@gmail.com] Sent: Tuesday, April 03, 2012 15:23 To: Wyss, Felix Cc: ianG; cryptography@randombit.net Subject: Re: [cryptography] Combined cipher modes On Tue, Apr 3, 2012 at 12:02 PM, Wyss, Felix felix.w...@inin.com wrote

Re: [cryptography] Combined cipher modes

2012-04-03 Thread Jeffrey Walton
On Tue, Apr 3, 2012 at 4:10 PM, Wyss, Felix felix.w...@inin.com wrote: -Original Message- From: coderman [mailto:coder...@gmail.com] Sent: Tuesday, April 03, 2012 15:23 To: Wyss, Felix Cc: ianG; cryptography@randombit.net Subject: Re: [cryptography] Combined cipher modes On Tue

Re: [cryptography] Combined cipher modes

2012-04-03 Thread Florian Weimer
On Tue, Apr 3, 2012 at 12:02 PM, Wyss, Felix felix.w...@inin.com wrote: ... Maybe being conservative is warranted: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/CWC-GCM/Ferguson2.pdf don't use GCM wrong? short tags are bad. changing tag lengths are bad. use 128bit tags. If

Re: [cryptography] Combined cipher modes

2012-02-21 Thread ianG
On 21/02/12 06:40 AM, Kevin W. Wall wrote: ... Based on your recommendation from several years ago, we had originally used an HMAC-SHA1, but changed it to an HMAC-SHA256 after recommendations from the initial NSA review. ! I'm not sure which is more shocking, that you took my recommendations, or

Re: [cryptography] Combined cipher modes

2012-02-20 Thread ianG
On 20/02/12 18:11 PM, Kevin W. Wall wrote: Hi list, This should be a pretty simple question for this list, so please pardon my ignorance. But better to ask than to continue in ignorance. :-) NIST refers to combined cipher modes as those supporting *both* authenticity and confidentiality, such

Re: [cryptography] Combined cipher modes

2012-02-20 Thread Jonathan Katz
On Mon, 20 Feb 2012, Harald Hanche-Olsen wrote: [Kevin W. Wall kevin.w.w...@gmail.com (2012-02-20 07:11:52 UTC)] So my first question: Are there ANY combined cipher modes for block ciphers that do not cause the ciphers to act as a key stream? (That seems to be cause most of the ones I found

Re: [cryptography] Combined cipher modes

2012-02-20 Thread Jean-Philippe Aumasson
hey Tor! ;) Colin Percival also had interesting comments re encrypt-then-mac vs others: http://www.daemonology.net/blog/2009-06.html On Mon, Feb 20, 2012 at 4:54 PM, tor.bjors...@accenture.com wrote: [ianG, 2012-02-20] A good plaintext packet design can push strong variation into the first

Re: [cryptography] Combined cipher modes

2012-02-20 Thread Kevin W. Wall
First of all, let me thank all who have responded for lending your expertise. I am just picking out Ian's to respond to because of his suggesting dividing up the IV into random||counter||time but I do appreciate everyone else's comments as well. On Mon, Feb 20, 2012 at 7:11 AM, ianG

Re: [cryptography] Combined cipher modes

2012-02-20 Thread Jeffrey Walton
On Mon, Feb 20, 2012 at 7:11 AM, ianG i...@iang.org wrote: On 20/02/12 18:11 PM, Kevin W. Wall wrote: Hi list, This should be a pretty simple question for this list, so please pardon my ignorance. But better to ask than to continue in ignorance. :-) NIST refers to combined cipher modes as

Re: [cryptography] Combined cipher modes

2012-02-20 Thread Jeffrey Walton
On Mon, Feb 20, 2012 at 2:40 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote: First of all, let me thank all who have responded for lending your expertise. I am just picking out Ian's to respond to because of his suggesting dividing up the IV into random||counter||time but I do appreciate

Re: [cryptography] Combined cipher modes

2012-02-20 Thread Florian Weimer
* Kevin W. Wall: So my first question: Are there ANY combined cipher modes for block ciphers that do not cause the ciphers to act as a key stream? (That seems to be cause most of the ones I found build the confidentiality piece around CTR mode.) If yes, please name a few (especially those

[cryptography] Combined cipher modes

2012-02-19 Thread Kevin W. Wall
Hi list, This should be a pretty simple question for this list, so please pardon my ignorance. But better to ask than to continue in ignorance. :-) NIST refers to combined cipher modes as those supporting *both* authenticity and confidentiality, such as GCM and CCM. So my first question: Are

Re: [cryptography] Combined cipher modes

2012-02-19 Thread Harald Hanche-Olsen
[Kevin W. Wall kevin.w.w...@gmail.com (2012-02-20 07:11:52 UTC)] So my second question is, if all the combined cipher modes all cause a cipher to act as if it is in a streaming mode, is it okay to just choose a completely RANDOM IV for each encryption? I'll bite on this one, leaving the