Hey Crypto Twitterland. #Kubernetes prefers AES CBC (without HMAC!!) over AES GCM for encryption at rest (probably the fear of the AES GCM forbidden attack, see the rotation note). Do you agree? https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
Replying to @asanso
the forbidden attack recovers the authentication key, that wouldn't make sense. (I mean GCM with broken authentication is just as bad as CBC, not worse.) it's probably a case of "we should have better AEADs"...
3 replies 0 retweets 6 likes -
wait they already have xsalsa20, that seems like what they should use, right?
1 reply 0 retweets 4 likes -
Replying to @hanno
apparently they put it in second position. Strong vs Strongest :)
1 reply 0 retweets 2 likes -
Replying to @asanso
without having reviewed the use case my gut feeling tells me they should use xsalsa20 by default and mark both cbc and gcm as not recommended / deprecated
1 reply 0 retweets 3 likes -
Replying to @hanno
I agree.
@hashbreaker we really need a CAESAR winner :D
1 reply 0 retweets 0 likes -
Most likely they are constrained to preferring solutions that use FIPS-140-approved cryptography for business reasons.
2 replies 0 retweets 1 like -
then make the default xsalsa and say "if you need a lower security level for fips compliance reasons choose this" for gcm.
1 reply 0 retweets 1 like
I suggest asking @smarterclayton who to talk to about it. I am surprised XSalsa is even an option in the first place (near-zero interoperability or compliance benefit), and I can't reverse-engineer the rationale for the other options provided either.
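For readers who want to see what the thread's suggestion (XSalsa20-Poly1305 via `secretbox` as the write default, with the AES providers kept only for reading existing data) looks like in practice, here is an added example of a Kubernetes `EncryptionConfiguration`; it is not taken from the thread or from the Kubernetes docs page linked above, and it uses the current `apiserver.config.k8s.io/v1` API group (the page's era used the older `v1`/`EncryptionConfig` form). The key names and the base64 placeholders are made up; the API server uses the first listed provider for writes and tries every listed provider in order for reads, so the order below encrypts new objects with secretbox while still decrypting objects written under the older providers until they are rewritten.

```yaml
# Added example, not from the linked Kubernetes page or the thread.
# Placeholder secrets: replace each <...> with 32 random bytes, base64-encoded,
# e.g. from: head -c 32 /dev/urandom | base64
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      # First provider is used for all new writes: XSalsa20-Poly1305 (authenticated,
      # 192-bit random nonce, so no per-key write-count limit to track).
      - secretbox:
          keys:
            - name: secretbox-key-2024-01   # hypothetical key name
              secret: <BASE64_32_BYTE_KEY>
      # Kept only so previously written objects can still be read while they are
      # rewritten (kubectl get secrets -A -o json | kubectl replace -f -).
      # AES-GCM needs key rotation before ~200k writes; AES-CBC has no integrity check.
      - aesgcm:
          keys:
            - name: aesgcm-key-old         # hypothetical key name
              secret: <BASE64_32_BYTE_KEY>
      - aescbc:
          keys:
            - name: aescbc-key-old         # hypothetical key name
              secret: <BASE64_32_BYTE_KEY>
      # identity last: read-only fallback for objects that were never encrypted.
      - identity: {}
```

Point the API server at the file with `--encryption-provider-config=/path/to/this.yaml`, and once every stored object has been rewritten under the secretbox key, the `aesgcm` and `aescbc` entries can be removed so the old keys are no longer loaded.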