[Top] [All Lists]

Re: [openpgp] OpenPGP SEIP downgrade attack

2015-10-07 14:41:19
On Wed,  7 Oct 2015 15:50, pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz 

The reason why I prefer EtM is that it can be pretty trivially retrofitted to
existing crypto (just add a SHA-256 MAC somewhere) and is compatible with any

But raises the same problems as all data format changes.  When taking up
these trouble why got for a slow method whilst faster methods are

existing cipher, while whatever AEAD mechanism is chosen (I'm guessing AES-
GCM, which seems to be fashionable) is purely for AES, there's no Twofish or
CAST or whatever AEAD mode defined.

OCB works with all 128 bit block length ciphers and is faster than GCM.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

openpgp mailing list