@BRIAN_____ If usable everywhere as a high perf cipher with comparable security to AES / ChaChaPoly, that'd be great. Dangerous, if can't...
@NullDereference I mean, can we use ChaCha20-Poly1305 everywhere? And, where we can't, what's the real reason?
@BRIAN_____ Not to mention: Who the hell thinks, "yeah, I really should try this new untested niche cipher from the NSA for all my stuff"?
@NullDereference In fairness to them, they address both of those concerns (newness and the fact that NSA made it) in the conclusion.
@BRIAN_____ I have no doubt that the NSA still makes quality crypto for the public (at least some of the time), but the needed trust is gone
@NullDereference Would you prefer a non-NSA cipher that has been studied/tested less over an NSA cipher that has been tested extensively?
@BRIAN_____ Nope. Given the choice, I'd pick better understood NSA. Not the actual choice though. As you said, ChaChaPoly is clear option.
End of conversation
New conversation
@BRIAN_____ funny you say that, because I think the "IoT" use case is driving the CFRG's decision to adopt IUF signatures :(
@bascule @BRIAN_____ Also contributes towards the apparent unwillingness to consider dropping non-FS PSK from TLS 1.3.
@NullDereference @bascule I think that's due to the lack of a convincing argument that everything can do ECDHE & ECDSA w/ reasonable perf.
@BRIAN_____ @bascule I would argue that anything that can't do minimal ECDHE shouldn't be considered safe to actually deploy.
@NullDereference @bascule The slowest things are very slow. Probably worth reading https://cryptojedi.org/papers/avrmul-20150101.pdf … and https://cryptojedi.org/papers/avrnacl-20130514.pdf ….
@BRIAN_____ @bascule To be clear: When I mean minimal, in this context a 192 bit (96 bit sec.) curve would be better than allowing plain PSK
@NullDereference @bascule I'm more interested in using the same algorithms, protocols, and key sizes for IoT and non-IoT things.
@BRIAN_____ @bascule If plain PSK w/o ECDHE is allowed, then we're already not doing that. Weak ECDHE+PSK is much better than non-FS PSK.
End of conversation
New conversation
@BRIAN_____ if an IoT device has the capability of an IP stack, why should it need specialised primitives?