Hi,

> Black, David writes:
> > 2)      Copying a running virtual machine, including memory, which creates a
> > copy of the session secrets.  Such copies are routinely stored on 
> > non-volatile
> > storage, from which the VM can be resumed.

[...]

> > An additional reason for concern is that the encryption provided by the 
> > mandatory 
> > AEAD algorithm for tcpcrypt, AEAD_AES_128_GCM, is a stream cipher (AES GCM), 
> > for which reuse of a <nonce, key> pair is catastrophic - XOR-ing the two 
> > ciphertexts removes encryption.

This is not a tcpcrypt problem. The same problem applies to any
security protocol (IPsec, TLS, etc.) that uses counter-based cipher modes (GCM,
CCM, etc.).
Switch to nonce-misuse resistant modes.

Regards,
Valery Smyslov.


_______________________________________________
Tcpinc mailing list
Tcpinc@ietf.org
https://www.ietf.org/mailman/listinfo/tcpinc
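The two points above, a resumed VM snapshot replaying a counter nonce under a counter-mode cipher and an SIV-style mode surviving the same replay, as an added worked example that is not code from this thread, from tcpcrypt or from any of the protocols named. Everything in it is this example's own construction and labelled as such: SHA-256 in counter mode stands in for the AES-CTR core of AES-GCM, an HMAC-SHA256 synthetic IV stands in for a real nonce-misuse-resistant mode such as AES-GCM-SIV, and `CtrSession`, `SivSession`, `snapshot` and the HTTP-looking sample records are invented for the demonstration. Only the structure matters: the keystream is a function of <key, nonce> alone in the first case, and of a MAC over the plaintext in the second.

```python
import copy
import hashlib
import hmac
import os

BLOCK = hashlib.sha256().digest_size  # 32-byte keystream blocks


def xor(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key, nonce, length):
    """Counter-mode keystream: block i = SHA-256(key || nonce || i).

    Stand-in (an assumption of this example) for the AES-CTR core of AES-GCM:
    the keystream depends on <key, nonce> only, never on the plaintext.
    """
    out = bytearray()
    for i in range(-(-length // BLOCK)):
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
    return bytes(out[:length])


class CtrSession:
    """Record-layer state as GCM-based protocols keep it: a key plus a send
    counter that becomes the per-record nonce."""

    def __init__(self, key):
        self.key = key
        self.seq = 0

    def seal(self, plaintext):
        nonce = self.seq.to_bytes(12, "big")
        self.seq += 1
        return nonce, xor(plaintext, keystream(self.key, nonce, len(plaintext)))


class SivSession(CtrSession):
    """Toy nonce-misuse-resistant mode (SIV structure, stand-in primitives):
    the synthetic IV is an HMAC over nonce and plaintext and doubles as the
    keystream nonce, so two different plaintexts never share a keystream even
    when the counter nonce repeats."""

    def _keys(self):
        # Domain-separated MAC and encryption keys derived from the session key.
        return (hashlib.sha256(b"mac" + self.key).digest(),
                hashlib.sha256(b"enc" + self.key).digest())

    def seal(self, plaintext):
        k_mac, k_enc = self._keys()
        nonce = self.seq.to_bytes(12, "big")
        self.seq += 1
        siv = hmac.new(k_mac, nonce + plaintext, hashlib.sha256).digest()[:16]
        return nonce, siv, xor(plaintext, keystream(k_enc, siv, len(plaintext)))

    def open(self, nonce, siv, ciphertext):
        k_mac, k_enc = self._keys()
        plaintext = xor(ciphertext, keystream(k_enc, siv, len(ciphertext)))
        expect = hmac.new(k_mac, nonce + plaintext, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(expect, siv):
            raise ValueError("SIV tag mismatch")
        return plaintext


def snapshot(session):
    """Model the VM memory snapshot: a byte-for-byte copy of the session state,
    secret key and current send counter included."""
    return copy.deepcopy(session)


def ctr_nonce_reuse(key, p1, p2):
    """Live VM and resumed snapshot each send their next record from the same
    counter. Returns (nonce repeated?, what an eavesdropper who knows p1 learns
    of p2): c1 XOR c2 == p1 XOR p2, so p2 = c1 XOR c2 XOR p1, no key needed."""
    live = CtrSession(key)
    live.seal(b"traffic before the snapshot")
    resumed = snapshot(live)
    n1, c1 = live.seal(p1)
    n2, c2 = resumed.seal(p2)
    return n1 == n2, xor(xor(c1, c2), p1)


def siv_nonce_reuse(key, p1, p2):
    """Same scenario under the SIV construction. Returns (nonce repeated?,
    keystream repeated?, c1 XOR c2 == p1 XOR p2?, receiver decrypts c2?)."""
    live = SivSession(key)
    live.seal(b"traffic before the snapshot")
    resumed = snapshot(live)
    n1, siv1, c1 = live.seal(p1)
    n2, siv2, c2 = resumed.seal(p2)
    return (n1 == n2, siv1 == siv2, xor(c1, c2) == xor(p1, p2),
            SivSession(key).open(n2, siv2, c2) == p2)


def siv_detects_tamper(key, plaintext):
    """Flipping one ciphertext bit must fail authentication on open()."""
    n, siv, c = SivSession(key).seal(plaintext)
    try:
        SivSession(key).open(n, siv, bytes([c[0] ^ 1]) + c[1:])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample session key
    p1 = b"GET /account/balance HTTP/1.1\r\n"   # known to the eavesdropper
    p2 = b"PUT /account/transfer?amt=9000\r\n"  # sent by the resumed copy
    print("CTR: nonce reused, recovered p2 =", ctr_nonce_reuse(key, p1, p2))
    print("SIV: (nonce reused, keystream reused, xor leak, decrypts) =",
          siv_nonce_reuse(key, p1, p2))
```

Two caveats for reading the output. First, the toy understates real AES-GCM: besides the two-time pad on the stream, a repeated nonce under GCM also exposes the GHASH authentication key, so forgery follows as well as plaintext recovery. Second, SIV-style modes are not a free lunch: encrypting the same plaintext twice under the same nonce yields the same ciphertext (the `siv_nonce_reuse(key, p, p)` case), so an observer learns that two records are equal, which is the accepted residual leak of deterministic AEAD and the reason a resumed snapshot should still be treated as a trigger to rekey.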
