The Community for Technology Leaders
RSS Icon
Issue No.04 - July/August (2008 vol.6)
pp: 62-65
Justin Troutman , Extorque Cryptographic Services
This installment of Crypto Corner takes a concise look at some of the issues responsible for why cryptography usually ends up looking bad, in practice, and fails to establish the right threat model, let alone realize it. Ultimately, this failure is largely due to a lack of cryptographic competence and the dreaded habit of crammed-in-and-cobbled-together design.
cryptography, authenticated encryption, recycling primitives, Advanced Encryption Standard, AES, Crypto Corner
Justin Troutman, "The Virtues of Mature and Minimalist Cryptography", IEEE Security & Privacy, vol.6, no. 4, pp. 62-65, July/August 2008, doi:10.1109/MSP.2008.99
1. S.M. Bellovin, "Problem Areas for the IP Security Protocols," Proc. 6th Conf. Usenix Security Symp., Usenix Assoc., 1996, pp. 1–16.
2. S. Vaudenay, "Security Flaws Induced by CBC Padding," Proc. Int'l Conf. Theory and Applications of Cryptographic Techniques, Springer-Verlag, 2002, pp. 534–546.
3. J. Black and H. Urtubia, "Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption," Proc. 11th Usenix Security Symp., Usenix Assoc., 2002, pp. 327–338.
4. J. Daemen and V. Rijmen, The Design of Rijndael: The Advanced Encryption Standard, Springer-Verlag, 2002.
5. M. Bellare and C. Namprempre, "Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm," Proc. 6th Int'l Conf. Theory and Application of Cryptology and Information Security, (AsiaCrypt 00), Springer-Verlag, 2000, pp. 531–545.
6. H. Krawczyk, "The Order of Encryption and Authentication for Protecting Communications (or: How Secure is SSL?)," Proc. 21st Annual Int'l Cryptology Conf. Advances in Cryptology, Springer-Verlag, 2001, pp. 310–331.
7. M. Dworkin, Recommendation for Block Cipher Modes of Operation: Methods and Techniques, special publication 800-38A, US Nat'l Inst. Standards and Tech., 2001.
8. M. Dworkin, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, special publication 800-38B, US Nat'l Inst. Standards and Tech., 2005.
9. M. Bellare, P. Rogaway, and D. Wagner, The EAX Mode of Operation: Fast Secure Encryption, Springer-Verlag, 2004, pp. 389–487.
10. R. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley, 2001.
287 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool