[Cryptech Tech] [Cryptech-Commits] [user/sra/aes-keywrap] 01/01: Initial commit of AES Key Wrap implementation.

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue May 5 12:15:36 UTC 2015


Rob Austein <sra at hactrn.net> writes:

>2) For the portions that do come from RFC 3394, be warned that RFC
>   3394 specifies the steps in two different ways, one intended for
>   software, the other (perhaps) better suited for hardware. 

Another thing to be aware of with RFC 3394, or more specifically the NIST key
wrap spec, is that it has no provenance, it's just some random thing that
someone at NIST, or possibly the NSA (or space aliens, the NIST doc lists no
authors), dreamed up.  There's no analysis, either in the NIST spec, or
independently, of the design, it's just "bash the key bits around randomly".

When your sole reference is an unexplained algorithm from an anonymous doc on
the NIST web site you're really going out on a limb.  A better way to do key
wrap would be to use conventional encrypt-then-MAC packaging.

Peter.
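
The encrypt-then-MAC packaging suggested in the message above, as an added sketch that is not part of the original post or of the Cryptech code base. The function names, subkey labels and blob layout are assumptions, and HMAC-SHA256 in counter mode stands in for a block cipher mode such as AES-CTR so that the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

IV_LEN, TAG_LEN = 16, 32  # assumed layout: IV || ciphertext || HMAC-SHA256 tag

def _subkeys(kek):
    # Separate encryption and MAC keys derived from the key-encryption key.
    return (hmac.new(kek, b"wrap-enc", hashlib.sha256).digest(),
            hmac.new(kek, b"wrap-mac", hashlib.sha256).digest())

def _keystream_xor(enc_key, iv, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, used only so
    # this runs without third-party packages. Substitute AES-CTR in practice.
    stream = bytearray()
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def wrap(kek, key, iv=None):
    enc_key, mac_key = _subkeys(kek)
    iv = os.urandom(IV_LEN) if iv is None else iv
    if len(iv) != IV_LEN:
        raise ValueError("IV must be %d bytes" % IV_LEN)
    ct = _keystream_xor(enc_key, iv, key)
    # MAC covers the IV and the ciphertext, never the plaintext key.
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag

def unwrap(kek, blob):
    if len(blob) < IV_LEN + TAG_LEN:
        raise ValueError("wrapped key too short")
    enc_key, mac_key = _subkeys(kek)
    iv, ct, tag = blob[:IV_LEN], blob[IV_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    # Verify in constant time and refuse to decrypt anything unauthenticated.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return _keystream_xor(enc_key, iv, ct)

if __name__ == "__main__":
    kek = bytes(range(32))                                    # constructed KEK
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    blob = wrap(kek, key)
    assert unwrap(kek, blob) == key
    tampered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    try:
        unwrap(kek, tampered)
    except ValueError as exc:
        print("tampered blob rejected:", exc)
```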


