On Thu, Oct 18, 2012 at 11:18 PM, Mike Perry wrote:
> Thus spake Nick Mathewson (ni...@alum.mit.edu):
>
>> On Thu, Oct 18, 2012 at 6:10 PM, Mike Perry wrote:
>> [...]
>> >> There are modes that are supposed to prevent this, and applying them
>> >> to a decent wide-block cipher might solve the is
Thus spake Nick Mathewson (ni...@alum.mit.edu):
> On Thu, Oct 18, 2012 at 6:10 PM, Mike Perry wrote:
> [...]
> >> There are modes that are supposed to prevent this, and applying them
> >> to a decent wide-block cipher might solve the issue. IGE is one of
> >> them [IGE], but it turns out to be b
On Thu, Oct 18, 2012 at 6:10 PM, Mike Perry wrote:
[...]
>> There are modes that are supposed to prevent this, and applying them
>> to a decent wide-block cipher might solve the issue. IGE is one of
>> them [IGE], but it turns out to be broken by an attacker who knows
>> some plaintext. The Accu
Thus spake Nick Mathewson (ni...@torproject.org):
> I should share with the list an update of where I am with a design for
> an improved relay crypto protocol. For background and motivation,
> please see the last thread on the topic [Prop202].
>
> There are three main questions remaining for me
>On Thu, 11 Oct 2012 19:17:22 +
>unknown wrote:
> On Tue, 9 Oct 2012 00:28:38 -0400
> Nick Mathewson wrote:
>
> > So to be concrete, let me suggest a few modes of operation. I believe
> > I'm competent to implement these:
>
> I think (IMHO) Keccak makes many (most?) symmetric encryption m
On Tue, 9 Oct 2012 00:28:38 -0400
Nick Mathewson wrote:
> So to be concrete, let me suggest a few modes of operation. I believe
> I'm competent to implement these:
I think (IMHO) Keccak makes many (most?) symmetric encryption modes
obsolete in the near future.
Now Keccak-Hash is the SHA-3 winner.
On 10/9/12, Nick Mathewson wrote:
> On Tue, Oct 9, 2012 at 12:31 PM, Robert Ransom
> wrote:
> [...]
>>> AES-CTR + HMAC-SHA512/256.
>>>
>>> AES-CTR + Poly1305. Poly1305 requires nonces, but we can use a
>>> counter for those.
>>
>> Poly1305AES requires nonces. Poly1305 itself requires
>>
On Tue, Oct 9, 2012 at 12:31 PM, Robert Ransom wrote:
[...]
>> AES-CTR + HMAC-SHA512/256.
>>
>> AES-CTR + Poly1305. Poly1305 requires nonces, but we can use a
>> counter for those.
>
> Poly1305AES requires nonces. Poly1305 itself requires
> (computationally-indistinguishable-from-) indepe
On 10/9/12, Robert Ransom wrote:
> On 10/8/12, Nick Mathewson wrote:
>> The second category (frob, encrypt, frob) is pretty elegant IMO. The
>> best-explained of these I've seen so far are in a
>> paper by Palash Sarkar [Efficient-Tweakable], though the earlier TET
>> construction [TET] might al
On 10/8/12, Nick Mathewson wrote:
> I should share with the list an update of where I am with a design for
> an improved relay crypto protocol. For background and motivation,
> please see the last thread on the topic [Prop202].
>
> There are three main questions remaining for me in choosing among
I should share with the list an update of where I am with a design for
an improved relay crypto protocol. For background and motivation,
please see the last thread on the topic [Prop202].
There are three main questions remaining for me in choosing among new
relay crypto protocols. Basically, the
11 matches