Hello,

On Mon, 20 Jun 2016 22:25:45 +0200 timo <[email protected]> wrote:
> Source: http://fm4.orf.at/stories/1737330/

I am aware of this article and imho it tries to make a story where there is none, draws connections to completely unrelated issues and makes some really weird and wrong claims.

The article also makes the strange recommendation that it's better to separate authentication and encryption. (quoting some security expert I never heard of)

It is generally true that GCM is not received favorably by many cryptographers, but I think the fact that it's still widely used can be attributed to the (at least until recently) lack of alternatives. OCB always had this patent issue lingering around, Poly1305 only became popular quite recently. We'll hopefully have some better choices for AEADs once the CAESAR competition is finished.

But I have to say - considering that many people *still* use unauthenticated encryption modes and try to come up with their own authentication, I'd rather see more of them use GCM. It's still likely superior to any self-made combo of encryption and authentication.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: [email protected]
GPG: BBB51E42
_______________________________________________
Ach mailing list
[email protected]
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
