[Ach] meta-question on algorithm agility

Hanno Böck hanno at hboeck.de
Mon May 5 11:32:22 CEST 2014

On Fri, 02 May 2014 23:20:11 +0100
ianG <iang at iang.org> wrote:

> Imagine that algorithm agility was banned.  No more choice!  How much
> resource would this free up?

I get your point why you don't like algorithm agility, but I really
don't know what the alternative would be (or if it wouldn't be much

We probably agree that from time to time, there are improvements we'd
like to see in encryption.
E.g. a few years ago forward secrecy was "some exotic stuff", TLS
implementations rarely supported it, today everyone's running around and
saying "we need forward secrecy" (and - for very good reasons).

If I should make a prediction, I think in a few years from now we'll
have a strong trend towards "we need 100% timesafe and branch-free
algorithm implementations to avoid sidechannels" and maybe at some
point people may also wonder if AES is still secure enough [1].

Now I wonder: How would such a transition work without algorithm
agility? I'm aware that algorithm agility doesn't work extremely well
for the transition, but it works at least somewhat. We can e.g. probably
at some point in the near future deprecate most of RC4 and SSL3 use.

We do that by deploying new algorithm choices and use them when
available and when pretty much everyone has switched to systems that
don't need "ugly old algorithm" any more we can deprecate then.
How would such a transition work in a one-algorithm-scenario?

[1] http://2012.sharcs.org/slides/biryukov.pdf
Hanno Böck

mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20140505/67d71fa6/attachment.sig>

More information about the Ach mailing list