[Cryptech Core] Fwd: Re: [Cryptech Tech] AES SIV mode for key wrapping?

Randy Bush randy at psg.com
Thu Mar 19 01:47:50 UTC 2015

Previous message (by thread): [Cryptech Core] dashboard update
Next message (by thread): [Cryptech Core] batteries
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Subject: Re: [Cryptech Tech] AES SIV mode for key wrapping?
From: Sean Turner <turners at ieca.com>
In-Reply-To: <m2r3smhksk.wl%randy at psg.com>
Date: Wed, 18 Mar 2015 20:08:48 -0400
Cc: Steve Bellovin <smb at cs.columbia.edu>,
    Rob Austein <sra at hactrn.net>

So I=92m be wrong here but I thought AES-SIV was something Dan Harkins =
was pushing and basically nobody else?

My complaint about PKCS#15 is that it looks really complicated for what =
you=92d need.

Note that AES key wrap there=92s actually two ways to do it:
	RFC 3394
	RFC 5649

spt

From: "Steven M. Bellovin" <smb at cs.columbia.edu>
Subject: Re: [Cryptech Tech] AES SIV mode for key wrapping?
To: "Randy Bush" <randy at psg.com>
Cc: "Sean Turner" <turners at ieca.com>, "Rob Austein" <sra at hactrn.net>
Date: Wed, 18 Mar 2015 10:07:06 -0400

It's not something I've followed.  I can look at it, but not before Friday.

Re security proofs: I'm all in favor of them, but ask three questions
first: (1) are the properties that are proved actually important and
complete?  (2) Is the threat model reasonable?  (3) Are the other 
assumptions reasonable?

Previous message (by thread): [Cryptech Core] dashboard update
Next message (by thread): [Cryptech Core] batteries
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Core mailing list