[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] RE: NIST Special Publication 800-38F
Actually, even blocking mechanisms with known security issues is a problem for things like CIFS that require MD4. Valerie On 04/ 3/13 03:19 PM, Burns, Robert wrote:
Although the AEAD mechanisms are not specifically referenced, Section 3.1 of that publication asserts, "Nevertheless, there is no requirement to protect cryptographic keys with a distinct cryptographic method. Previously approved authenticated-encryption modes-as well as combinations of an approved encryption mode with an approved authentication method-are approved for the protection of cryptographic keys, in addition to general data.". It would appear that NIST will allow other approved encryption modes, so GCM is a candidate. In general, I think we should only block inclusions of mechanisms if there are known security issues, and I wasn't able to locate any obvious research on the subject of the AEAD modes as being weaker for key wrap versus data protection. Anyone know of any prohibitions against using GCM for key wrapping? Bob-----Original Message----- From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On Behalf Of Lockhart, Robert Sent: Wednesday, April 03, 2013 6:01 PM To: pkcs11@lists.oasis-open.org Subject: [pkcs11] NIST Special Publication 800-38F I took a quick glance and GCM and CCM are in fact only mentioned in the Appendix B as other authenticating modes of operation. The major difference being that GCM& CCM perform authentication on the encrypted value not the clear text value. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf This will teach me to re-read the documents before bringing them up. Bob L.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]