[Cryptech Tech] AES SIV mode for key wrapping?

Russ Housley housley at vigilsec.com
Tue Mar 17 19:08:14 UTC 2015

Previous message (by thread): [Cryptech Tech] AES SIV mode for key wrapping?
Next message (by thread): [Cryptech Tech] AES SIV mode for key wrapping?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Paul:

>> SIV is seeing almost no uptake.  AES KEY-WRAP is preferred.
> 
> Uptake and technical value are not the same.
> 
> First, AES-SIV is being introduced into other non-IETF forums.
> 
> Second, AES-SIV is much more efficient that AES KEY-WRAP.
> 
> AES-SIV is also nonce insensitive.  A very nice property for an AEAD
> cipher.

I am aware of all of these properties, but I still recommend AES KEY-WRAP for two reasons.  First, I see little uptake.  I am aware of the places that Dan Harkins is pushing for its adoption, but they have not happened as yet.  Second, if someone wanted to use Cryptech to make a FIPS 140 module, they would need a FIPS validated mode for key wrapping.

Russ

Previous message (by thread): [Cryptech Tech] AES SIV mode for key wrapping?
Next message (by thread): [Cryptech Tech] AES SIV mode for key wrapping?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list