On 2013-08-19 2:06 PM, Kurt Roeckx wrote:
> I understand that GCM is faster, but the implementations might have side channel attacks. So I'm not sure if GCM or CBC is better, but we should probably prefer GCM or CBC.

GCM is (AIUI) preferred because it's immune to BEAST. I share concern about new side channel attacks due to GMAC, though.

> As far as I understand it, there is nothing wrong with 3DES other than that it's slower.

I am under the impression that the 64-bit block size is also considered a serious flaw nowadays.

zw
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto