On 09/06/2013 08:27 PM, Jeffrey Walton wrote:
Hi All,
With all the talk of the NSA poisoning NIST, would it be wise to
composite ciphers? (NY Times, Guardian, Dr. Green's blog, et seq).
I've been thinking about running a fast inner stream cipher (Salsa20
without a MAC) and wrapping it in AES

On Fri, Sep 6, 2013 at 5:53 PM, Natanael natanae...@gmail.com wrote:
Apparently it's called cascade encryption or cascade encipherment
More generally it's known as a product cipher, which underlies things like
Feistel Networks which were used to compose algorithms like DES:

We have a purely (now mostly) all-symmetric key protocol: Needham-Schroeder
-- Kerberos. Guess what: it doesn't scale, not without a strong dose of PK
(and other things). Worse, its trusted third parties can do more than
MITM/impersonate you like PKI's: they get to see your session keys (unless

Jeffrey Walton noloa...@gmail.com wrote:
With all the talk of the NSA poisoning NIST, would it be wise to
composite ciphers? (NY Times, Guardian, Dr. Green's blog, et seq).
I've been thinking about running a fast inner stream cipher (Salsa20
without a MAC) and wrapping it in AES with an

On Fri, Sep 6, 2013 at 7:27 PM, Jeffrey Walton noloa...@gmail.com wrote:
I've been thinking about running a fast inner stream cipher (Salsa20
without a MAC) and wrapping it in AES with an authenticated encryption
mode (or CBC mode with {HMAC|CMAC}).
My own very subjective opinion is that

On Fri, Sep 6, 2013 at 8:53 PM, Natanael natanae...@gmail.com wrote:
http://blog.cryptographyengineering.com/2012/02/multiple-encryption.html
Apparently it's called cascade encryption or cascade encipherment,
and the implementations are apparently called robust combiners. And
by the way,

On Fri, Sep 6, 2013 at 8:05 PM, Jeffrey Walton noloa...@gmail.com wrote:
I'm more worried about key exchange or agreement.
The list of things to get right is long. The hardest is getting the
implementation right -- don't do all that work just to succumb to a
remotely exploitable buffer