Date: Thu, 03 Mar 2005 18:55:16 +0100 From: "Poul-Henning Kamp" <phk@phk.freebsd.dk> To: Richard Coleman <rcoleman@criticalmagic.com> Cc: crypto@metzdowd.com Subject: Re: FUD about CGD and GBDE Message-ID: <9723.1109872516@critter.freebsd.dk> In-Reply-To: Your message of "Thu, 03 Mar 2005 12:31:56 EST." <42274A0C.5010403@criticalmagic.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <42274A0C.5010403@criticalmagic.com>, Richard Coleman writes: >For instance, the NIST specification for AES and CCM mode (NIST Special >Publication 800-38C) specifically states that you must limit the number >of invocations of the block cipher (specifically AES) to 2^61. Now, I >realize that is an upper bound. But even after removing several orders >of magnitude, that leaves a huge amount of material you can encrypt with >a single key. > >Just throwing out a data point. This would be much more interesting if you qouted the number they will say ten and twenty years from now. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9723.1109872516>