ietf-openpgp

Re: [openpgp] AEAD mode unverified chunks

2018-07-23 09:34:03
On Mon,  2 Jul 2018 05:03, pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz said:

> security.  It's just a personal preference, but I'd add a somewhat stronger
> warning to the text in 5.16 for per-chunk unique/random IVs and the
> consequences of not using them when some AEAD modes are used.

What about this:

  A new random initialization vector MUST be used for each message.
  Failure to do so for each message will lead to a catastrophic failure
  depending on the used AEAD mode.

Or propose a different text.


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are regulated by a federal law.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
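
The consequence behind the proposed MUST, as an added example that is not part of the original message or of any OpenPGP implementation: in AEAD modes that encrypt with a counter-mode keystream (EAX and GCM do), two messages sealed under the same key and IV share a keystream, so the XOR of the ciphertexts equals the XOR of the plaintexts. Assumptions: HMAC-SHA256 stands in for the block cipher, the authentication tag is omitted, and `MessageEncryptor`, `seal` and `reuse_leaks_xor` are hypothetical names.

```python
import hashlib
import hmac
import os


def keystream(key, iv, length):
    # Counter-mode keystream. HMAC-SHA256 is a stand-in PRF (assumption);
    # a real AEAD mode would run a block cipher such as AES here.
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, iv + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return stream[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, iv, plaintext):
    # Encryption half only; the authentication tag is left out for brevity.
    return xor(plaintext, keystream(key, iv, len(plaintext)))


class MessageEncryptor:
    """Hypothetical sender wrapper: draws a new random IV for each message
    and refuses to encrypt if an IV repeats under the same key."""

    def __init__(self, key):
        self._key = key
        self._seen = set()

    def seal(self, plaintext, iv=None):
        iv = os.urandom(16) if iv is None else iv
        if iv in self._seen:
            raise ValueError("IV already used with this key")
        self._seen.add(iv)
        return iv, encrypt(self._key, iv, plaintext)


def reuse_leaks_xor(key, iv_a, iv_b, p1, p2):
    # True when XOR of the ciphertexts equals XOR of the plaintexts,
    # i.e. the keystream cancelled out and confidentiality is lost.
    c1, c2 = encrypt(key, iv_a, p1), encrypt(key, iv_b, p2)
    return xor(c1, c2) == xor(p1, p2)
```

The guard in `seal` only catches repeats within one process; across processes or devices the protection comes from drawing each IV from a good random source.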