Hello all,

Regarding the discussion of the Sweet32 attack, it's worth mentioning that there is a specification of so-called key meshing for the Russian GOST cipher (which has a 64-bit block as well). Key meshing is a procedure of a predictable change of the current key after processing a certain amount of data. It is described in RFC 4357, Section 2.3 (https://tools.ietf.org/html/rfc4357#section-2.3).

This key meshing defends against any attack that uses a big portion of data encrypted with the same key. Maybe it is useful to specify a similar procedure for modern ciphers too.

On Thu, Aug 25, 2016 at 5:08 AM, Tony Arcieri <basc...@gmail.com> wrote:

> This attack was published today[*]:
>
> https://sweet32.info/
>
> I bring it up because I think the threat model is similar to the threats
> that led to RC4 "diediedie"
>
> https://www.rfc-editor.org/info/rfc7465
>
> Should there be a 3DES "diediedie"?
>
> I believe 3DES is MTI for TLS 1.0/1.1(?) but I think it would make sense
> for it to be banned from TLS 1.3.
>
> [*] Lest anyone claim the contrary, I am not surprised by this attack, and
> have pushed to have 3DES removed from TLS prior to the publication of this
> attack, and can probably find a TLS implementer who can back me up on that.
>
> --
> Tony Arcieri
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

--
SY, Dmitry Belyavsky
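To illustrate the point made in the message above (an added example, not part of the thread and not the RFC 4357 algorithm): a toy 16-bit block cipher in CBC mode shows same-key ciphertext collisions revealing plaintext XORs, and how changing the key every 64 blocks reduces them. The Feistel cipher, the SHA-256 key update `next_key`, the key, IV and plaintext are all constructed stand-ins chosen so collisions appear quickly.

```python
import hashlib
from collections import defaultdict

def _f(key, rnd, half):
    # Toy round function: one byte of SHA-256(key || round || half)
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0]

def encrypt_block(key, block):
    # 4-round Feistel over two 8-bit halves: a keyed 16-bit permutation
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << 8) | right

def next_key(key):
    # Assumed stand-in for key meshing: a predictable update both peers can compute
    return hashlib.sha256(b"mesh" + key).digest()

def cbc_encrypt(key, iv, plaintext, rekey_every=None):
    """Return (epoch, previous ciphertext, ciphertext) per block."""
    out, prev, epoch = [], iv, 0
    for i, p in enumerate(plaintext):
        if rekey_every and i and i % rekey_every == 0:
            key, epoch = next_key(key), epoch + 1
        c = encrypt_block(key, p ^ prev)
        out.append((epoch, prev, c))
        prev = c
    return out

def same_key_collisions(records):
    """Index pairs (j, i) whose ciphertext blocks are equal under one key."""
    seen, pairs = defaultdict(list), []
    for i, (epoch, _, c) in enumerate(records):
        pairs += [(j, i) for j in seen[(epoch, c)]]
        seen[(epoch, c)].append(i)
    return pairs

def leaked_xor(records, i, j):
    # c_i == c_j under one key implies p_i ^ p_j == c_(i-1) ^ c_(j-1)
    return records[i][1] ^ records[j][1]

# Constructed input: 4096 pseudo-random 16-bit plaintext blocks
PLAINTEXT = [int.from_bytes(hashlib.sha256(b"pt%d" % i).digest()[:2], "big")
             for i in range(4096)]
KEY, IV = b"constructed demo key", 0x1234
single = cbc_encrypt(KEY, IV, PLAINTEXT)
meshed = cbc_encrypt(KEY, IV, PLAINTEXT, rekey_every=64)
print(len(same_key_collisions(single)), len(same_key_collisions(meshed)))
```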