[Ach] NIST review of cryptographic standards

Maarten Van Horenbeeck maarten.vhb at gmail.com
Thu Nov 7 00:02:28 CET 2013


Hi Thomas,

You are right. Today it would be difficult to add them to a default
configuration, as the support simply is not there on the server or client
side, but in the near future these will make good alternatives for things
like AES-GCM.

That actually brings up more of a process comment: I think it pays to think
about setting expectations with consumers of the configurations that these
configurations need to be considered agile, and that the recommended
configurations will change over time and will need to be updated. Perhaps
even test and flag what the most common break scenarios are between updates
(e.g. error message, hanging connection, ...), so administrators do not
just roll back completely if permitting a single weaker cipher would
address the break scenario.

Cheers,
Maarten


On Wed, Nov 6, 2013 at 2:51 PM, Thomas Schreck <tom at schreck-thomas.de> wrote:

> Hi Maarten,
>
> so we cannot really recommend those ciphers, but good to see that they are
> working on improving that.
>
> Thomas
>
> On 06/11/13 23:45, Maarten Van Horenbeeck wrote:
> > Hi Thomas,
> >
> > For ChaCha20, there's basic support already in Mozilla:
> > https://bugzilla.mozilla.org/show_bug.cgi?id=917571
> >
> > Adam Langley, Ben Laurie, Elie Bursztein and others are also driving
> > development in other client libraries like NSS and OpenSSL:
> > https://www.imperialviolet.org/2013/10/07/chacha20.html
> >
> > There's support for Rabbit in CyaSSL, but I don't see a lot of practical
> > support for it emerging outside of that library.
> >
> > Cheers,
> > Maarten
> >
> >
> > On Wed, Nov 6, 2013 at 1:43 PM, Thomas Schreck <tom at schreck-thomas.de> wrote:
> >
> >>
> >> Hi Maarten,
> >>>
> >>> E.g. it recommends Rabbit as a stream cipher, instead of Salsa20, which is
> >>> pretty popular (e.g.
> >>> http://tools.ietf.org/html/draft-josefsson-salsa20-tls-02). Both were part
> >>> of the eSTREAM portfolio recommendation for software implementations.
> >>
> >> Are there any implementations of those ciphers despite the reference ones?
> >>
> >> Thomas
> >>
> >>>
> >>> Cheers,
> >>> Maarten
> >>>
> >>>
> >>> On Mon, Nov 4, 2013 at 5:57 AM, Thomas Schreck <tom at schreck-thomas.de> wrote:
> >>>
> >>>> BSI is also providing a list of recommended key lengths
> >>>>
> >>>> https://www.bsi.bund.de/DE/Publikationen/TechnischeRichtlinien/tr02102/index_htm.html
> >>>>
> >>>> German only ...
> >>>>
> >>>> On 04.11.2013 14:15, L. Aaron Kaplan wrote:
> >>>>>
> >>>>> On Nov 4, 2013, at 2:04 PM, Aaron Zauner <azet at azet.org> wrote:
> >>>>>
> >>>>>> Hi *,
> >>>>>>
> >>>>>> This might be of interest:
> >>>> http://csrc.nist.gov/groups/ST/crypto-review/index.html
> >>>>>>
> >>>>> Thanks, I updated the section methods.tex accordingly.
> >>>>>
> >>>>> $ git pull
> >>>>>
> >>>>>
> >>>>> a.
> >>>>>
> >>>>>> Aaron
> >>>>>> _______________________________________________
> >>>>>> Ach mailing list
> >>>>>> Ach at lists.cert.at
> >>>>>> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
> >>>>>
> >>>>> ---
> >>>>> // L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
> >>>>> // CERT Austria - http://www.cert.at/
> >>>>> // An initiative of nic.at GmbH - http://www.nic.at/
> >>>>> // Company register number 172568b, Regional Court Salzburg
> >>>>>