next AE cipher COLM?
Tobias Mueller
muelli at cryptobitch.de
Fri May 18 15:03:39 CEST 2018
Hi,
On Fri, 2018-05-18 at 10:56 +0000, Uri Blumenthal wrote:
> which really shouldn't apply to OpenPGP or S/MIME, because each
> message should get its own unique random symmetric key
Mind you: people use OpenPGP not only for email but also for backups.
That's why two-pass schemes are not suitable, because you cannot stream
large amounts of data. There are still one-pass schemes which make
nonce reuse less fatal as with AES-GCM.
Cheers,
Tobi
More information about the Gnupg-devel
mailing list