Julien Vehent wrote:
> > The discussion above was biased in favor of what was best for FirefoxOS
> and
> > FxAndroid.
>
> AES-NI has also removed mosts concerns around bad implementations of
> AES, so it seems that the attacks we were concerned about two years ago
> do not apply anymore.
>
I thi
On Tue, Dec 1, 2015 at 8:55 AM, Julien Vehent wrote:
>
> AES-NI is fast enough that we shouldn't have to care:
>
> $ openssl speed -evp aes-256-gcm
> type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes
> aes-256-gcm 385250.93k 983154.24k 2011460.35k 2620519.76k 3
On Mon 30.Nov'15 at 11:37:18 -1000, Brian Smith wrote:
> Julien Vehent wrote:
>
> > The original thread [1] had a long discussion on this topic. The DJB batch
> > attack redefines the landscape, but does not address the original concerns
> > around AES-256 resistance. To me, the main question is
Julien Vehent wrote:
> The original thread [1] had a long discussion on this topic. The DJB batch
> attack redefines the landscape, but does not address the original concerns
> around AES-256 resistance. To me, the main question is to verify whether
> AES-256 implementations are at least as resis
On 11/30/2015 12:07 PM, Julien Vehent wrote:
On 2015-11-30 12:47, Robert Relyea wrote:
I've always found the 128 bit prioritized over 256 a silly
recommendation, I support reordering.
Can you expand on why you think it is silly?
The argument went that 128 bit was 'sufficient' and there was a
On 2015-11-30 12:47, Robert Relyea wrote:
I've always found the 128 bit prioritized over 256 a silly
recommendation, I support reordering.
Can you expand on why you think it is silly?
The original thread [1] had a long discussion on this topic. The DJB
batch attack redefines the landscape, bu
On 11/25/2015 02:01 PM, April King wrote:
My colleague Julien Vehent and I are in the process of updating the
Mozilla Server Side TLS documentation:
https://wiki.mozilla.org/Security/Server_Side_TLS
One of the topics of conversation was whether or not the Modern TLS
configuration should prefe
Other recommended reading when discussing this:
https://crypto.stackexchange.com/questions/5118/is-aes-256-weaker-than-192-and-128-bit-versions
https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
https://www.reddit.com/r/crypto/comments/39211m/is_really_aes256_less_secure_than_ae
8 matches
Mail list logo
