[cryptography] Is KeyWrap (RFC 3394) vulnerable to CCAs?
jeffrey at goldmark.org
Wed Dec 24 17:44:56 EST 2014
My big question whether use of Key Wrap (RFC 3394) is recommended or not.
My intuition is is that the integrity check (see section 2.2.3 of http://www.ietf.org/rfc/rfc3394.txt )
does more harm then good in providing necessary integrity checks.
I assume that this has been discussed somewhere, but my Google-fu is failing me today.
Pointers to the literature would be welcome.
More information about the cryptography