brian m. carlson wrote:
> As Werner pointed out, Camellia has been around for some time. It's
> also good to have enough diversity that if someone comes out with a
> major attack against AES, we're not totally sunk. Camellia is a Feistel
> cipher, while AES is a substitution-permutation network, which means
> that attacks are unlikely to work against both.
Ok - so what's the threat model here? Are we really expecting AES to be
broken anytime soon? Really? And we're suggesting to keep ciphers around
that have seen far less cryptanalysis?
...
> I believe Google's End-to-End is using the NIST curves, and there are
> already keys using these curves. I think Curve25519 and Goldilocks
> would be valuable due to their rigidity and the CFRG endorsement.
Wasn't aware that end2end already has a userbase (after all, for a very
long time the GitHub repo stated 'experimental code - do not use').
Likewise Curve25519 is available in GnuPG expert mode (it says use is
discouraged though - and keyservers won't accept it).
Aaron
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp