Re: [Cfrg] RGLC on draft-irtf-cfrg-chacha20-poly1305-01.txt

Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> Tue, 07 October 2014 09:57 UTC

Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BB2A1ACD6A for <cfrg@ietfa.amsl.com>; Tue, 7 Oct 2014 02:57:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y3eUUTiMvPF0 for <cfrg@ietfa.amsl.com>; Tue, 7 Oct 2014 02:57:14 -0700 (PDT)
Received: from mail-qg0-x230.google.com (mail-qg0-x230.google.com [IPv6:2607:f8b0:400d:c04::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1C961ACD69 for <cfrg@irtf.org>; Tue, 7 Oct 2014 02:57:14 -0700 (PDT)
Received: by mail-qg0-f48.google.com with SMTP id i50so4900423qgf.7 for <cfrg@irtf.org>; Tue, 07 Oct 2014 02:57:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=/yfSmoGEv2YwJD/K6l9+877GbozLGL1LmgKfvG6iXU0=; b=oPUYSEps1kzhQmTFwkkimuBiUI58qwd1q4P2PpoGTxaB9nUyAfQig+Lvg/6tWF/cGG x8joZj6HaVK6GxGXRUysvwsvj3FR1Ow7Qgzmq7jYKn0QXYkyhPenkm6NxXnFr+SZ++PA fcWDQaUN+4hxBjQRuM8mJQQZLlcfT+M3nLtPkpm1vehW0b0kn9cPBIg5IIQ7NyUxN5uu r3mxrSqDcswUinNqpOewN2v99MXQ0nHEispR6scMuGnSNQWjS02VNERhE23oDHRP26dy psijORt67l7Al1dlZ9ampwVSsL3CZ2RrXM+r9OZ6O7DLRnGwDDIcBxXOZEy2T/Wmj45c G98Q==
MIME-Version: 1.0
X-Received: by 10.224.65.9 with SMTP id g9mr2671631qai.59.1412675833939; Tue, 07 Oct 2014 02:57:13 -0700 (PDT)
Received: by 10.229.226.65 with HTTP; Tue, 7 Oct 2014 02:57:13 -0700 (PDT)
In-Reply-To: <m3k34clwkt.fsf@carbon.jhcloos.org>
References: <542D48CD.9060404@isode.com> <m3k34clwkt.fsf@carbon.jhcloos.org>
Date: Tue, 7 Oct 2014 11:57:13 +0200
Message-ID: <CAJU7za+itdW8Orc5PiFvBq3k2fziewu=QpZL7aag69fZn5L_Xg@mail.gmail.com>
From: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
To: James Cloos <cloos@jhcloos.com>
Content-Type: text/plain; charset=ISO-8859-1
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/8QVZahoydg5jpoCYGQPYcTyBKa8
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] RGLC on draft-irtf-cfrg-chacha20-poly1305-01.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Oct 2014 09:57:16 -0000

On Mon, Oct 6, 2014 at 11:25 PM, James Cloos <cloos@jhcloos.com> wrote:
> [I thought I sent on this subect weeks ago, but I cannot find it in
>  the archives, ... -JimC]
>
> I have to object to defaulting to a 96/32 split.
> The rfc should specify Dan's 64/64 split as default, and only offer
> 96/32 as an option.
> Chacha isn't only useful for in-flight encryption.  One should not
> have to bother with multiple keys or IVs to encrypt large files.
> And 128 Gigs is not all that large for things like backups (tar,
> cpio, et cetera), disk images, some AV files and the like.

Would you really want to use an AEAD cipher for backup encryption in a
single pass? I mean a single bit corruption in 128 Gigs and you lost
everything as authentication would fail. Most probably backup
encryption software would split the large backup data into smaller
chunks that are authenticated and in that case the 96/32 split would
fit.

regards,
Nikos