Dear colleagues!

I'd like to add that the described key meshing procedures (procedures to
increase the lifetime of a key) are proven to be secure (and increasing
security) in case of usage of CTR mode – see preprint at
http://eprint.iacr.org/2016/628.pdf

In case of CBC/CFB modes an additional separate key for key meshing should
be used.

Kindest regards,
Stanislav


2016-08-26 10:58 GMT+03:00 Dmitry Belyavsky <beld...@gmail.com>:

> Hello all,
>
> Regarding the discussion of the Sweet32 attack, it's worth mentioning that
> there is a specification of so-called key meshing for the Russian GOST
> cipher (which has a 64-bit block as well).
> Key meshing is a procedure of a predictable change of the current key
> after processing a certain amount of data.
> It is described in RFC 4357, Section 2.3
> (https://tools.ietf.org/html/rfc4357#section-2.3).
>
> This key meshing defends against any attack that uses a big portion of
> data encrypted with the same key.
>
> Maybe it is useful to specify a similar procedure for modern ciphers
> too.
>
>
> On Thu, Aug 25, 2016 at 5:08 AM, Tony Arcieri <basc...@gmail.com> wrote:
>
>> This attack was published today[*]:
>>
>> https://sweet32.info/
>>
>> I bring it up because I think the threat model is similar to the threats
>> that lead to RC4 "diediedie"
>>
>> https://www.rfc-editor.org/info/rfc7465
>>
>> Should there be a 3DES "diediedie"?
>>
>> I believe 3DES is MTI for TLS 1.0/1.1(?) but I think it would make sense
>> for it to be banned from TLS 1.3.
>>
>> [*] Lest anyone claim the contrary, I am not surprised by this attack,
>> and have pushed to have 3DES removed from TLS prior to the publication of
>> this attack, and can probably find a TLS implementer who can back me up on
>> that.
>>
>> --
>> Tony Arcieri
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>>
>
>
> --
> SY, Dmitry Belyavsky
>
> _______________________________________________
> Cfrg mailing list
> c...@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>
>