[Ach] GCM in real time applications

Hanno Böck hanno at hboeck.de
Mon Jun 20 22:44:30 CEST 2016


On Mon, 20 Jun 2016 22:25:45 +0200
timo <timog24 at mailbox.org> wrote:

> Source: http://fm4.orf.at/stories/1737330/

I am aware of this article and imho it tries to make a story where
there is none, draws connections to completely unrelated issues and
makes some really weird and wrong claims.

The article also makes the strange recommendation that it's better to
separate authentication and encryption. (quoting some security expert I
never heard of)

It is generally true that gcm is not received favorably by many
cryptographers, but I think the fact that it's still widely used can be
attributed to the (at least until recently) lack of alternatives. OCB
always had this patent issue lingering around, poly1305 only became
popular quite recently. We'll hopefully have some better choises for
AEADs once the CAESAR competition is finished.

But I have to say - considering that many people *still* use
unauthenticated encryption modes and try to come up with their own
authentication I'd rather see more of them use GCM. It's still likely
superior to any self-made combo of encryption and authentication.

Hanno Böck

mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20160620/0becaaa0/attachment.sig>

More information about the Ach mailing list