IETF Logo Mail Archive

Re: [Cfrg] Proposed Informational Note: Security Guidelines for Cryptographic Algorithms in the W3C Web Cryptography API

Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri, 21 November 2014 07:55 UTC

Return-Path: <mpg@elzevir.fr>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1A011AD291 for <cfrg@ietfa.amsl.com>; Thu, 20 Nov 2014 23:55:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.244
X-Spam-Level:
X-Spam-Status: No, score=-1.244 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_FR=0.35, J_CHICKENPOX_66=0.6, MIME_8BIT_HEADER=0.3, RP_MATCHES_RCVD=-0.594] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MQcIghUfldCc for <cfrg@ietfa.amsl.com>; Thu, 20 Nov 2014 23:55:53 -0800 (PST)
Received: from mordell.elzevir.fr (mordell.elzevir.fr [92.243.3.74]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0E5F1A1A3F for <cfrg@irtf.org>; Thu, 20 Nov 2014 23:55:53 -0800 (PST)
Received: from thue.elzevir.fr (unknown [IPv6:2a01:e35:8a5d:80b0:be5f:f4ff:fe2c:95bc]) by mordell.elzevir.fr (Postfix) with ESMTPS id A932D16142; Fri, 21 Nov 2014 08:55:51 +0100 (CET)
Received: from [IPv6:2a01:e35:8a5d:80b0:caf7:33ff:fe89:5d50] (unknown [IPv6:2a01:e35:8a5d:80b0:caf7:33ff:fe89:5d50]) by thue.elzevir.fr (Postfix) with ESMTPSA id 09E77216EE; Fri, 21 Nov 2014 08:55:51 +0100 (CET)
Message-ID: <546EF006.1060205@elzevir.fr>
Date: Fri, 21 Nov 2014 08:55:50 +0100
From: Manuel Pégourié-Gonnard <mpg@elzevir.fr>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: David Gil <dgil@yahoo-inc.com>, "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>, "jberliner@caa.columbia.edu" <jberliner@caa.columbia.edu>, Watson Ladd <watsonbladd@gmail.com>
References: <546E0AE5.3040601@w3.org> <CACsn0cn+KX9J1NSUFhKV32iWL4KLHEPOKcXea3cD20QK2YeeaA@mail.gmail.com> <CAP4fkhhBs1QHj5OFoukJdBt2L=EL0PEZ8yefC8S-JRFM=4WX=Q@mail.gmail.com> <A113ACFD9DF8B04F96395BDEACB340420BE7E5EA@xmb-rcd-x04.cisco.com> <546E248E.8020305@elzevir.fr> <1416505822.31934.YahooMailNeo@web310003.mail.ne1.yahoo.com>
In-Reply-To: <1416505822.31934.YahooMailNeo@web310003.mail.ne1.yahoo.com>
OpenPGP: id=98EED379; url=https://elzevir.fr/gpg/mpg.asc
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/8KjSN-rjU09n6fmbIBHTxiV3y_A
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Proposed Informational Note: Security Guidelines for Cryptographic Algorithms in the W3C Web Cryptography API
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Nov 2014 07:55:55 -0000

On 20/11/2014 18:50, David Gil wrote:
>> "AES-CFB is not CCA secure. It is CPA-secure if the IV is random, but it is not
>> enough for the IV be be a nonce [rogaway11evaluation]."
> 
> Could we please just use the terminology that every paper on crypto uses?
> 
> Standard jargon: IVs are always uniform (computationally hard 
> pseudo)random strings. Nonces are strings that are used only once.
> 
Sure. How would you word the above sentence?

> As Watson noted, an IV of sufficient length is with high probability
> a nonce; best is to set len(IV) = 2*s, where s is the target security
> strength.
> 
Yes, and as I noted, there are existing cases where this length condition is not
satisfied.

Manuel.

v2.23.0 | Report a Bug | By Email