Black Raven Dragoons

...because insanity just isn't crazy enough.
https://forums.blackravendragoons.com/

The Cryptographic Doom Principle

https://forums.blackravendragoons.com/technology-lounge-f53/the-cryptographic-doom-principle-t2987.html

Page 1 of 1

The Cryptographic Doom Principle

PostPosted: Tue Apr 14, 2015 11:43 am
by Zancarius
I thought this was worth sharing:

http://www.thoughtcrime.org/blog/the-cr ... principle/

MAC in this case doesn't mean Mandatory Access Control, it doesn't mean Media Access Control (like a MAC address), nor does it refer to cutesy little computers with a smile--it refers to Message Authentication Codes like HMAC.

A few other resources for those interested:

Colin Percival's guideline's on cryptography, and why you should encrypt-then-MAC:
http://www.daemonology.net/blog/2009-06 ... swers.html
http://www.daemonology.net/blog/2009-06 ... n-mac.html

A good crypto.stackexchange.com discussion on the various methods of operation (really, though, you should only use encrypt-then-MAC):
http://crypto.stackexchange.com/a/205

Wikipedia's write-up on authenticated encryption (basically what's discussed above):
http://en.wikipedia.org/wiki/Authenticated_encryption

More reasons you shouldn't MAC-then-encrypt (or MAC-and-encrypt) by Graham Sutherland (not this Graham Sutherland--this Graham Sutherland who has given a large number of talks on the subject):
https://codeinsecurity.wordpress.com/20 ... pt-is-bad/
All times are UTC - 7 hours
Page 1 of 1
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/