Re: [Cfrg] AES-GCM weakness
Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 19 July 2011 05:02 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: cfrg@irtf.org, jeremie.crenne@univ-ubs.fr
In-Reply-To: <000001cc4583$5f371720$1da54560$@crenne@univ-ubs.fr>
Message-Id: <E1Qj2Ry-0002yg-CU@login01.fos.auckland.ac.nz>
Date: Tue, 19 Jul 2011 17:02:30 +1200
Subject: Re: [Cfrg] AES-GCM weakness
Jérémie Crenne <jeremie.crenne@univ-ubs.fr> writes:

>What is the feeling of the community about the recent potential AES-GCM
>weakness due to weak keys?

GCM's problem isn't the weak keys in AES-GCM, it's that it's a KSG rather than a standard block cipher. It's RC4 all over again, and we're going to see the same problems with GCM that we've already seen with RC4. There have been several already, and the only reason why we haven't seen more is that GCM isn't used that much (that is, it's used in a small number of widely-deployed applications, but hasn't become the universal algorithm of choice that RC4 was. Once, or if, it does, we'll see exactly the same problems that plagued RC4 throughout its effective lifetime).

Peter.
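The "keystream generator" point above, as an added example that is not part of Peter's message or of any other post in this thread: using Go's standard-library AES-GCM with a deliberately reused nonce, the XOR of two ciphertexts equals the XOR of the two plaintexts, the same keystream-reuse leak a stream cipher such as RC4 has, while a fresh nonce per message removes it. The key, nonces and messages are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
)

// gcmSeal returns ciphertext||tag for plaintext under key and nonce (no AAD).
// The nonce is a parameter only so the demonstration can reuse it on purpose.
func gcmSeal(key, nonce, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce, plaintext, nil), nil
}

// xorBytes returns a XOR b, truncated to the shorter input.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// CiphertextXOR encrypts p1 under nonce1 and p2 under nonce2 with one key and
// returns the XOR of the two outputs. If nonce1 == nonce2, the CTR keystream
// GCM uses for confidentiality is the same for both messages and cancels, so
// the first len(p) bytes are exactly p1 XOR p2 (the stream-cipher reuse leak).
// With distinct nonces the keystreams differ and the XOR reveals nothing.
func CiphertextXOR(key, nonce1, nonce2, p1, p2 []byte) ([]byte, error) {
	c1, err := gcmSeal(key, nonce1, p1)
	if err != nil {
		return nil, err
	}
	c2, err := gcmSeal(key, nonce2, p2)
	if err != nil {
		return nil, err
	}
	return xorBytes(c1, c2), nil
}
```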