Re: [openpgp] AEAD Chunk Size

Peter Gutmann <> Fri, 29 March 2019 03:30 UTC

From: Peter Gutmann <>
To: "Neal H. Walfield" <>, Jon Callas <>
CC: "" <>, Justus Winter <>, Jon Callas <>
Date: Fri, 29 Mar 2019 03:29:58 +0000

I wrote:

>PGP is typically used to encrypt data at rest (make the chunk size the file

Another thing with that particular case, if you get a MAC failure decrypting
data at rest do you really care? It's more likely a bit-flip somewhere than
someone trying to tamper with your archived sales records from 2003, and I
suspect most people would rather have slightly corrupted data than no data at

That's the nice thing about the standard block cipher modes, they recover from
errors.  In... oh, approximately 100% of the encrypted data I have lying
around, I'll happily ignore any auth errors, I just want the plaintext back.
So while it's fun and geeky to dream up something using the latest trendy AEAD
modes, is it something that (a) is necessary and (b) people who aren't geeks
care about?
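
The trade-off discussed in this message, as an added example that is not part of the original post: one flipped bit in CFB ciphertext (the mode OpenPGP has traditionally used) damages a bounded span of plaintext, while an authentication check withholds either the whole file or a single chunk, depending on the chunk size. Assumptions: truncated HMAC-SHA256 stands in for AES and a per-chunk HMAC stands in for the AEAD tag so the code runs on the standard library alone; keys, data and the flip position are constructed, and the flip is placed so the damage stays inside one chunk.

```python
import hashlib
import hmac

BLOCK = 16  # bytes, the AES block size

def prf(key, block):
    # Assumption: HMAC-SHA256 truncated to one block stands in for AES encryption.
    # CFB only ever uses the cipher's forward direction, so this is sufficient.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cfb(key, iv, data, decrypt=False):
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        res = bytes(a ^ b for a, b in zip(block, prf(key, prev)))
        out += res
        prev = block if decrypt else res  # feedback is always the ciphertext block
    return bytes(out)

def chunk_tags(mac_key, ct, chunk_size):
    # Assumption: one HMAC per chunk, bound to the chunk index, stands in for
    # the per-chunk AEAD tag.
    return [hmac.new(mac_key, n.to_bytes(8, "big") + ct[o:o + chunk_size],
                     hashlib.sha256).digest()
            for n, o in enumerate(range(0, len(ct), chunk_size))]

def rejected_chunks(mac_key, ct, tags, chunk_size):
    now = chunk_tags(mac_key, ct, chunk_size)
    return [n for n, (a, b) in enumerate(zip(now, tags))
            if not hmac.compare_digest(a, b)]

def bit_flip_report(flip_at=3000, size=4096):
    key, mac_key, iv = b"k" * 16, b"m" * 16, bytes(BLOCK)  # constructed values
    plain = bytes(i % 251 for i in range(size))            # constructed "archive"
    ct = cfb(key, iv, plain)
    damaged = bytearray(ct)
    damaged[flip_at] ^= 0x01                               # one flipped bit at rest
    damaged = bytes(damaged)
    got = cfb(key, iv, damaged, decrypt=True)              # decrypt, ignoring auth
    wrong = [i for i in range(size) if got[i] != plain[i]]
    report = {"first_wrong": wrong[0], "last_wrong": wrong[-1]}
    for label, cs in (("whole_file", size), ("1KiB", 1024)):
        bad = rejected_chunks(mac_key, damaged, chunk_tags(mac_key, ct, cs), cs)
        report[label] = (bad, len(bad) * cs)  # chunks refused, bytes withheld
    return report

if __name__ == "__main__":
    for name, value in bit_flip_report().items():
        print(name, value)
```

Unauthenticated CFB returns all but at most 24 bytes here (the rest of the damaged block plus the following block), a single tag over the file withholds all 4096 bytes, and 1 KiB chunks withhold 1024.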