Tony Arcieri writes:
>As someone who works professionally in the payments industry alongside people
>who are directly implementing EMV protocols, let me note: those are not IETF
>protocols and should not have bearing on IETF/IRTF decisions regarding
>deprecations of protocols
On Wed, 24 Aug 2016 19:08:02 -0700
Tony Arcieri wrote:
> Should there be a 3DES "diediedie"?
I think a 3des diediedie rfc would be a good idea.
I was wondering yesterday whether I should disable 3des on my servers.
I'd likely exclude a small portion of my visitors for a very
Hello all,
Regarding the discussion of the Sweet32 attack, it's worth mentioning that
there is a specification of so called key meshing for the Russian GOST
cipher (which has 64-bit block as well).
Key meshing is a procedure of a predictable change of the current key after
processing an certain
Tony Arcieri writes:
> This attack was published today[*]:
>
> https://sweet32.info/
>
> I bring it up because I think the threat model is similar to the threats
> that lead to RC4 "diediedie"
>
> https://www.rfc-editor.org/info/rfc7465
>
> Should there be a 3DES
On Wed, Aug 24, 2016 at 8:28 PM, Peter Gutmann
wrote:
> Only if there's an actualy issue. 3DES is still very widely supported
> (particularly in financial systems and embedded)
As someone who works professionally in the payments industry alongside
people who are
Tony Arcieri writes:
>Should there be a 3DES "diediedie"?
Only if there's an actualy issue. 3DES is still very widely supported
(particularly in financial systems and embedded), and provides a useful
backup to AES. An attack that recovers cookie if you can record 785GB
of