[Cryptography Team] Re: KryptOn
MakoEnvelopesignedAndSealedFrom:to:object:
Ron Teitelbaum
Ron at USMedRec.com
Tue Jan 10 05:05:11 CET 2006
Tony,
Thank you for pointing out the paper. It has lead to some very interesting
reading. I looked around lshift and even posted a comment on your blog.
Are you working on cryptography at lshift? Have you considered joining the
team? Or subscribing to our list?
Can you share with us your interest in KryptOn and Squeak?
Ron Teitelbaum
Squeak Cryptography Team Leader
> -----Original Message-----
> From: cryptography-bounces at lists.squeakfoundation.org
> [mailto:cryptography-bounces at lists.squeakfoundation.org] On Behalf Of
> Chris Muller
> Sent: Monday, January 09, 2006 7:37 PM
> To: Tony Garnock-Jones; chris at funkyobjects.org
> Cc: cryptography at lists.squeakfoundation.org; Paul Crowley
> Subject: [Cryptography Team] Re: KryptOn
> MakoEnvelopesignedAndSealedFrom:to:object:
>
> Hi Tony, it may very well be the other way around. I
> am honestly no encryption expert, just a skilled
> implementor. I will try to find the web reference
> that recommended that.
>
> As for ECB, I'm sorry I have no idea what that means.
> This is exactly the kind of critique I need your guys'
> help with. I am hoping that the usage and management
> are mostly ok, but there may be some tightening needed
> in the cryptography layer.
>
> This is a very worthy discussioon for the cryptography
> list, I hope you don't mind that I have copied that
> list here.
>
> Cheers,
> Chris
>
> --- Tony Garnock-Jones <tonyg at lshift.net> wrote:
>
> > Hi Chris,
> >
> > In the comment to method MakoEnvelope
> > class>>signedAndSealedFrom:to:object:, you write
> > "Security experts
> > recommend putting the signed inside the sealed".
> >
> > Isn't it the other way around? According to
> > http://www-cse.ucsd.edu/users/mihir/papers/oem.html
> > the least insecure
> > method is to encrypt, then MAC.
> >
> > Also: On digging into the implementation of
> > enciphering, it looks like
> > the default cipher, Rijndael, is being used in ECB
> > mode. Have I analysed
> > that correctly? (If so, there are other modes that
> > might be better: AEAD
> > modes such as EAX or GGM; at a minimum, CTR, but an
> > AEAD mode would be
> > better, of course)
> >
> > Regards,
> > Tony
> > --
> > [][][] Tony Garnock-Jones | Mob: +44 (0)7905
> > 974 211
> > [][] LShift Ltd | Tel: +44 (0)20 7729
> > 7060
> > [] [] http://www.lshift.net/ | Email:
> > tonyg at lshift.net
> >
> >
>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
More information about the Cryptography
mailing list