next AE cipher COLM?
Werner Koch
wk at gnupg.org
Thu May 17 19:27:04 CEST 2018
On Thu, 17 May 2018 16:47, andrewg at andrewg.com said:
> advisable to stick to algorithms with a few miles on the clock, such as
> GCM, even if they may not be strictly ideal? There will never be an
I wrote it several times over the last days: We have working and
interoperable implementations of the new AEAD mode [1]. Along with a
very well optimized implementation in Libgcrypt master. No need to open
that case again. It is unfortuanate that we need to have algorithm
preferencees and to define two of them but that is required to avoid a
patent trap. Adding another patented algorithm with zero experience in
the field is not helpful.
And please don't mention GCM - counter based algorithms are way too
brittle for solid cryptography. Remember the RC4 lessons.
Salam-Shalom,
Werner
[1] Ribose NetPGP (rnp), GnuPG 2.3, openpgp.js
--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180517/c3d64c29/attachment.sig>
More information about the Gnupg-devel
mailing list