[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pkcs11] RE: NIST Special Publication 800-38F
Quite right, we will always have legacy support issues surrounding existing mechanisms now shown to be flawed. I guess my statement was directed more towards consideration of new mechanisms and functionality, but even then I guess my recommendation should be taken as more of a guideline rather than a rule? Either way, point taken. And in this case I think AEAD for key wrapping should be an acceptable mechanism choice. Thanks, Bob > -----Original Message----- > From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On > Behalf Of Valerie Anne Fenwick > Sent: Wednesday, April 03, 2013 7:33 PM > To: pkcs11@lists.oasis-open.org > Subject: Re: [pkcs11] RE: NIST Special Publication 800-38F > > Actually, even blocking mechanisms with known security issues is a problem > for things like CIFS that require MD4. > > Valerie > > On 04/ 3/13 03:19 PM, Burns, Robert wrote: > > Although the AEAD mechanisms are not specifically referenced, Section 3.1 > of that publication asserts, "Nevertheless, there is no requirement to protect > cryptographic keys with a distinct cryptographic method. Previously > approved authenticated-encryption modes-as well as combinations of an > approved encryption mode with an approved authentication method-are > approved for the protection of cryptographic keys, in addition to general > data.". > > > > It would appear that NIST will allow other approved encryption modes, so > GCM is a candidate. > > > > In general, I think we should only block inclusions of mechanisms if there > are known security issues, and I wasn't able to locate any obvious research > on the subject of the AEAD modes as being weaker for key wrap versus data > protection. Anyone know of any prohibitions against using GCM for key > wrapping? > > > > Bob
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]