[cryptography] Compositing Ciphers?

Eugen Leitl eugen at leitl.org
Sat Sep 7 01:35:43 PDT 2013


----- Forwarded message from Jeffrey Walton <noloader at gmail.com> -----

Date: Fri, 6 Sep 2013 20:27:47 -0400
From: Jeffrey Walton <noloader at gmail.com>
To: Cryptography List <cryptography at randombit.net>
Subject: [cryptography] Compositing Ciphers?
Reply-To: noloader at gmail.com

Hi All,

With all the talk of the NSA poisoning NIST, would it be wise to
composite ciphers? (NY Times, Guardian, Dr. Green's blog, et seq).

I've been thinking about running a fast inner stream cipher (Salsa20
without a MAC) and wrapping it in AES with an authenticated encryption
mode (or CBC mode with {HMAC|CMAC}).

I'm aware of, for example, NSA's Fishbowl running IPSec at the network
layer (the "outer" encryption) and then SRTP at the application
level (the "inner" encryption). But I'd like to focus on hardening one
cipherstream at one level, and not cross OSI boundaries.

I'm also aware of the NSA's lightweight block ciphers
(http://eprint.iacr.org/2013/404). I may have been born at night, but
it was not last night....

Has anyone studied the configuration and security properties of an
inner stream cipher with an outer block cipher?

Jeff

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
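
The layering asked about in the forwarded message, as an added example that is not part of the original post: an unauthenticated inner stream cipher wrapped in AES-256-GCM, with an independent key per layer. Assumptions: ChaCha20 stands in for Salsa20 because Node's crypto module exposes ChaCha20 but not Salsa20, and the HKDF labels, the message layout and the names `deriveKeys`, `seal` and `open` are illustrative choices.

```javascript
// Added example: cascade of an inner stream cipher (no MAC) and outer AES-256-GCM.
// Assumption: ChaCha20 replaces Salsa20, which Node's crypto does not provide.
const crypto = require('crypto');

// Derive two independent 256-bit keys from one master secret (HKDF-SHA256 with
// distinct info labels), so recovering one layer's key does not yield the other.
function deriveKeys(master, salt) {
  const k = (label) => Buffer.from(crypto.hkdfSync('sha256', master, salt, label, 32));
  return { inner: k('inner-stream'), outer: k('outer-aead') };
}

// Layout (assumed): salt(16) || outer IV(12) || GCM tag(16) || GCM ciphertext,
// where the GCM plaintext is inner nonce(12) || inner ciphertext.
function seal(master, plaintext, aad = Buffer.alloc(0)) {
  const salt = crypto.randomBytes(16);
  const { inner, outer } = deriveKeys(master, salt);
  // Inner layer: raw stream cipher. OpenSSL IV = 4-byte counter || 12-byte nonce.
  const innerIv = Buffer.concat([Buffer.alloc(4), crypto.randomBytes(12)]);
  const c1 = crypto.createCipheriv('chacha20', inner, innerIv);
  const innerCt = Buffer.concat([c1.update(plaintext), c1.final()]);
  // Outer layer: AES-256-GCM authenticates the inner nonce and ciphertext.
  const outerIv = crypto.randomBytes(12);
  const c2 = crypto.createCipheriv('aes-256-gcm', outer, outerIv);
  c2.setAAD(Buffer.concat([salt, aad]));
  const outerCt = Buffer.concat([c2.update(innerIv.subarray(4)), c2.update(innerCt), c2.final()]);
  return Buffer.concat([salt, outerIv, c2.getAuthTag(), outerCt]);
}

function open(master, blob, aad = Buffer.alloc(0)) {
  if (blob.length < 16 + 12 + 16 + 12) throw new Error('message too short');
  const salt = blob.subarray(0, 16), outerIv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44), outerCt = blob.subarray(44);
  const { inner, outer } = deriveKeys(master, salt);
  const d2 = crypto.createDecipheriv('aes-256-gcm', outer, outerIv);
  d2.setAAD(Buffer.concat([salt, aad]));
  d2.setAuthTag(tag);
  // final() throws if the tag does not verify, so the unauthenticated inner
  // layer never processes modified data.
  const mid = Buffer.concat([d2.update(outerCt), d2.final()]);
  const innerIv = Buffer.concat([Buffer.alloc(4), mid.subarray(0, 12)]);
  const d1 = crypto.createDecipheriv('chacha20', inner, innerIv);
  return Buffer.concat([d1.update(mid.subarray(12)), d1.final()]);
}
```

The outer tag is verified before the inner layer is touched, which is what lets the inner cipher run without its own MAC.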


