Aloha!

Just realized that AES is more than 10 years old, and has been an amazing success. But at the same time, looking at SSL/TLS, the number of widely deployed symmetric ciphers is decreasing. RC4 will probably be deprecated in the near future, leaving us with basically AES and 3DES.

Getting a new stream cipher (like Salsa20, ChaCha) into SSL/TLS has been met with some resistance, with arguments that we don't need it since we have good stream cipher modes like GCM that provide good performance as well as authentication after encryption. And yes, that is true. But the cipher agility is reduced. We might end up with only AES as the widely deployed cipher. I'm not convinced that is a good development.

So, my thinking is: what can we do to complement (not replace) AES, as easily as possible, with something that can be dropped into similar suites such as TLS_DH_RSA_WITH_AES_128_GCM_SHA256 (RFC2588)? A block cipher that provides at least as good performance and security but is based on different mechanisms, to protect from possible future weaknesses easily affecting both AES and the other cipher.

Sound good, bad, dumb?

The question is then - what is the state of the art in block cipher design? What would be the candidates to complement AES in SSL/TLS?

-- 
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography