On Fri, Sep 6, 2013 at 5:53 PM, Natanael wrote:
> Apparently it's called "cascade encryption" or "cascade encipherment"
More generally it's known as a product cipher, which underlies things like
Feistel Networks which were used to compose algorithms like DES:
https://en.wikipedia.org/wiki/Prod
On 09/06/2013 08:27 PM, Jeffrey Walton wrote:
Hi All,
With all the talk of the NSA poisoning NIST, would it be wise to
composite ciphers? (NY Times, Guardian, Dr. Green's blog, et seq).
I've been thinking about running a fast inner stream cipher (Salsa20
without a MAC) and wrapping it in AES
Jeffrey Walton wrote:
> With all the talk of the NSA poisoning NIST, would it be wise to
> composite ciphers? (NY Times, Guardian, Dr. Green's blog, et seq).
>
> I've been thinking about running a fast inner stream cipher (Salsa20
> without a MAC) and wrapping it in AES with an authenticated encr
We have a purely (now mostly) all-symmetric key protocol: Needham-Schroeder
-- Kerberos. Guess what: it doesn't scale, not without a strong dose of PK
(and other things). Worse, its trusted third parties can do more than
MITM/impersonate you like PKI's: they get to see your session keys (unless
y
On 7/09/13 04:24 AM, Nico Williams wrote:
On Fri, Sep 6, 2013 at 8:05 PM, Jeffrey Walton wrote:
I'm more worried about key exchange or agreement.
At a technical level, key exchange/agreement has probably the biggest
impact on the overall architecture of the cryptographic solution. It's
no
On Sat, Sep 07, 2013 at 02:53:22AM +0200, Natanael wrote:
> http://blog.cryptographyengineering.com/2012/02/multiple-encryption.html
> Apparently it's called "cascade encryption" or "cascade encipherment",
> and the implementations are apparently called "robust combiners". And
> by the way, Truecry
On Fri, Sep 6, 2013 at 8:58 PM, Nico Williams wrote:
> On Fri, Sep 6, 2013 at 7:27 PM, Jeffrey Walton wrote:
>> I've been thinking about running a fast inner stream cipher (Salsa20
>> without a MAC) and wrapping it in AES with an authenticated encryption
>> mode (or CBC mode with {HMAC|CMAC}).
>
On Fri, Sep 6, 2013 at 8:05 PM, Jeffrey Walton wrote:
> I'm more worried about key exchange or agreement.
The list of things to get right is long. The hardest is getting the
implementation right -- don't do all that work just to succumb to a
remotely exploitable buffer overflow. Next up is phys
On Fri, Sep 6, 2013 at 8:53 PM, Natanael wrote:
> http://blog.cryptographyengineering.com/2012/02/multiple-encryption.html
> Apparently it's called "cascade encryption" or "cascade encipherment",
> and the implementations are apparently called "robust combiners". And
> by the way, Truecrypt alread
On Fri, Sep 6, 2013 at 7:27 PM, Jeffrey Walton wrote:
> I've been thinking about running a fast inner stream cipher (Salsa20
> without a MAC) and wrapping it in AES with an authenticated encryption
> mode (or CBC mode with {HMAC|CMAC}).
My own very subjective opinion is that assuming all of: cons
http://blog.cryptographyengineering.com/2012/02/multiple-encryption.html
Apparently it's called "cascade encryption" or "cascade encipherment",
and the implementations are apparently called "robust combiners". And
by the way, Truecrypt already lets you pick your chosen combo of AES
and two other ci
Hi All,
With all the talk of the NSA poisoning NIST, would it be wise to
composite ciphers? (NY Times, Guardian, Dr. Green's blog, et seq).
I've been thinking about running a fast inner stream cipher (Salsa20
without a MAC) and wrapping it in AES with an authenticated encryption
mode (or CBC mode
12 matches
Mail list logo
