[cryptography] Repeated Encryptions Considered.... ?
lloyd at randombit.net
Sun Jun 19 18:28:25 EDT 2011
On Mon, Jun 20, 2011 at 01:12:19AM +0300, Sampo Syreeni wrote:
> I mean, wouldn't it be easier to just implement it better, and/or to
> add to the certification requirements?
If you know of a way to implement AES in a way that is not vulnerable
to cache-based timing attacks in standard C in a way that is remotely
efficient (eg at least 10% the speed of the usual table technique),
please post a reference, I'd be interested.
> Often you'd be using the same key
That certainly doesn't seem like a particularly good idea...
> or the same source data for the key derivation function, all over
> your cascade, which could jeopardize even the strongest one in the
> chain if the last one leaked.
Wouldn't that be the case only if your KDF was weak?
> the last, if you don't know enough to just pick the strongest cipher and
> be done with it without compounding?
In this case, the assumption is that XSalsa20 is stronger than
AES. AES is just the window dressing for those who insist that it be
used (eg NIST and co).
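The KDF point above (derived keys in a cascade should be independent, so a leak of the last cipher's key says nothing about the others) as an added example; this is not code from the thread, and the cipher names, key sizes and the "cascade-v1/" label are assumptions for illustration:

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

# Assumed cascade layout: XSalsa20 (32-byte key) wrapped around AES-256 (32-byte key).
CASCADE = (("xsalsa20", 32), ("aes-256", 32))

def derive_cascade_keys(master_secret: bytes, salt: bytes) -> dict:
    """Derive one independent key per cipher from a single master secret.

    Each key is HKDF-Expand output under a distinct `info` label (domain
    separation), so the keys are computationally independent: recovering the
    AES key reveals nothing about the XSalsa20 key or the master secret unless
    HMAC-SHA256 itself is broken.
    """
    prk = hkdf_extract(salt, master_secret)
    return {name: hkdf_expand(prk, b"cascade-v1/" + name.encode(), klen)
            for name, klen in CASCADE}

def weak_key_reuse(master_secret: bytes) -> dict:
    """The anti-pattern the thread warns about: the same bytes keying every cipher,
    so leaking one layer's key leaks the whole cascade."""
    return {name: master_secret[:klen] for name, klen in CASCADE}
```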