[Cryptech Tech] [Cryptech-Commits] [user/sra/aes-keywrap] 01/01: Initial commit of AES Key Wrap implementation.
Russ Housley
housley at vigilsec.com
Wed May 6 12:49:23 UTC 2015
Peter:
> Russ Housley <housley at vigilsec.com> writes:
>
>> While the document does not list authors, I do not agree with the rest of
>> your characterization. I think of AES Key Wrap as an AEAD. The algorithm
>> has been published for a long time. If someone outside an intelligence
>> agency had an attack on this FIPS-approved algorithm, I think they would make
>> a name for themselves by publishing it.
>
> Absence of evidence doesn't provide evidence of absence. It's not just that
> there's no analysis showing weakness published, there's simply no analysis at
> all published. We don't even know who wrote the document, it's just an
> anonymous PDF found on the NIST web site (it's also not present at the
> location given in RFC 3394, you have to Google for it and then follow the link
> you get as a result).
NIST reorganized their web site, and they did not think that stable URLs were worthwhile. Bad decision in my view, but of course, no one asked me.
> So we're supposed to use an anonymous PDF describing an algorithm with no
> published analysis found by Googling its name and clicking on whatever link
> comes up... that's a pretty dodgy reference.
FIPS-approval is not insignificant.
Russ