You *plan* to use a different key for each message. I prefer modes that don't
break even when plans fail, for whatever reason.
GCM = CTR + GMAC
GCM-SIV = CTR + POLYVAL + KeySched
Yes, to the best of my knowledge, GCM-SIV is free to use, commercial or
otherwise. The RFC should state this, if
On Thu, Feb 25, 2021 at 2:39 PM Devharsh Trivedi
wrote:
>
> Which of the following is more secure?
> 1. AES-GCM (AEAD)
> 2. AES-CBC+HMAC (EtA)
>
> Ref.: https://www.cryptopp.com/wiki/Authenticated_Encryption
Also see https://www.cryptopp.com/wiki/Integrated_Encryption_Scheme.
Jeff
Also, is AES-GCM-SIV recommended by NIST?
I see a proposal over here -
https://csrc.nist.gov/CSRC/media/Projects/Block-Cipher-Techniques/documents/BCM/proposed-modes/aes-gcm-siv/aes-gcm-siv-may2019.pdf
On Thursday, 25 February 2021 at 17:26:40 UTC-5 Devharsh Trivedi wrote:
> Thank you for the
Thank you for the prompt response. :)
Yes, I am planning to use a new KEY for each message. (Keeping the IV/nonce the same)
How about AES-GCM-GMAC? Is it the same as AES-GCM?
Is AES-GCM-SIV patent free? Does cryptopp provide an AES-GCM-SIV library?
> On Feb 25, 2021, at 5:04 PM, Uri Blumenthal wrote:
>
What is your threat model?
If you can guarantee that a combination of Key + Nonce will not repeat, AES-GCM
is a better choice.
AES-GCM is yesterday's achievement. A smarter and altogether more secure
choice today is AES-GCM-SIV.
CBC + HMAC is/was before yesterday.
> On Feb 25, 2021, at
Which of the following is more secure?
1. AES-GCM (AEAD)
2. AES-CBC+HMAC (EtA)
Ref.: https://www.cryptopp.com/wiki/Authenticated_Encryption
--
You received this message because you are subscribed to "Crypto++ Users". More
information about Crypto++ and this group is available at