Re: [openpgp] OpenPGP encryption block modes (Was: The Argon2 proposal seems incomplete (Draft 6))

Bruce Walzer <bwalzer@59.ca> Thu, 04 August 2022 15:26 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/gKT8EHvL-WHXa4o1_0MVr5ubP_Y>

On Tue, Aug 02, 2022 at 06:01:41PM +0000, Daniel Huigens wrote:
[...]
> Additionally, our reason for wanting to use GCM is also for performance.
> For us, GCM is (considerably) faster than OCB, as GCM is implemented
> natively in Web Crypto.

I thought you guys were mostly doing messaging. Why would performance
be important in that environment? Speaking of messaging, wouldn't you
strongly prefer the most compatible mode? That is going to be
SEIPD-MDC for the foreseeable future. Why would either OCB or GCM be
of any particular interest?

> This makes the implementation both more secure

How would a more secure library make the overall system more secure?
The JavaScript is still going to be handling the plaintext. We are
only talking about the block cipher mode here, not the cipher
itself. That doesn't seem like something that could create a side
channel by itself.

Bruce