[cryptography] Compositing Ciphers?

Sandy Harris sandyinchina at gmail.com
Sat Sep 7 07:04:39 EDT 2013


Jeffrey Walton <noloader at gmail.com> wrote:

> With all the talk of the NSA poisoning NIST, would it be wise to
> composite ciphers? (NY Times, Guardian, Dr. Green's blog, et seq).
>
> I've been thinking about running a fast inner stream cipher (Salsa20
> without a MAC) and wrapping it in AES with an authenticated encryption
> mode (or CBC mode with {HMAC|CMAC}).

I did a paper on that sort of thing a while back:
http://eprint.iacr.org/2008/473

A much improved version is in the works, but not done.


More information about the cryptography mailing list