Re: variable iv lengths for aes-gcm

On Thu, Jun 18, 2015 at 10:43:18AM +0300, Ambarus Tudor-Dan-B38632 wrote:
> 
> I'm trying to find a method to pass IVs of various lengths to an
> algorithm. A particular case would be aes-gcm IV. It can have any
> number of bits between 1 and 2^64.
> 
> A possible way to do this is to set the ivlen per request. Are there
> any (better) ways to do this?

Why would you want to do this apart from the fact that your hardware
supports it and you want to export this?

Using a long IV is fundamentally insecure because all GCM will do
is hash it and there is nothing that can guarantee uniqueness of the
hash result.

You might as well just pull out a random number and use that as your
IV.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
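The derivation Herbert is referring to, as an added example that is not part of the thread and not kernel code: NIST SP 800-38D section 7.1 uses a 96-bit IV verbatim as the counter block prefix, and any other IV length is first padded, length-encoded and run through GHASH to produce the 128-bit initial counter block J0. The hash subkey H would normally be AES_K(0^128); to keep the example free of an AES dependency it is taken from the GCM specification's test case 5 (key feffe9928665731c6d6a8f9467308308), together with that test case's 64-bit IV and expected J0 (Y0), so the GHASH path can be checked against a published value. The function and constant names are this example's own.

```python
# Added example (not from the thread): how GCM derives its initial counter
# block J0 from the IV, per NIST SP 800-38D section 7.1.  H (the hash subkey)
# is normally AES_K(0^128); here it comes from a published GCM test vector so
# the example runs without an AES library.

R = 0xE1000000000000000000000000000000   # GCM's GF(2^128) reduction constant
ONE = 0x80000000000000000000000000000000  # the field element 1 in GCM bit order


def gf_mult(x: int, y: int) -> int:
    """Multiply two 128-bit field elements using SP 800-38D Algorithm 1
    (bit 0 is the most significant bit, as GCM defines it)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash(h: bytes, data: bytes) -> bytes:
    """GHASH_H over data, which must be a whole number of 16-byte blocks."""
    if len(data) % 16 != 0:
        raise ValueError("GHASH input must be a multiple of 16 bytes")
    hk = int.from_bytes(h, "big")
    y = 0
    for off in range(0, len(data), 16):
        y = gf_mult(y ^ int.from_bytes(data[off:off + 16], "big"), hk)
    return y.to_bytes(16, "big")


def gcm_j0(h: bytes, iv: bytes) -> bytes:
    """Initial counter block J0 for an IV of any byte length >= 1."""
    if len(iv) == 0:
        raise ValueError("GCM requires a non-empty IV")
    if len(iv) == 12:
        # 96-bit path: the IV is used verbatim, so distinct IVs always give
        # distinct counter blocks.
        return iv + b"\x00\x00\x00\x01"
    # Any other length: pad to a block boundary, append a 64-bit zero field
    # and the IV bit length, then GHASH.  The result is a 128-bit value with
    # no structural guarantee of uniqueness across distinct IVs, which is
    # the point made in the reply above.
    padded = iv + b"\x00" * (-len(iv) % 16)
    length_block = (0).to_bytes(8, "big") + (len(iv) * 8).to_bytes(8, "big")
    return ghash(h, padded + length_block)


# Known answer from the GCM specification, test case 5 (64-bit IV):
# H = AES_K(0^128) for key feffe9928665731c6d6a8f9467308308.
H_TC5 = bytes.fromhex("b83b533708bf535d0aa6e52980d53b78")
IV_TC5 = bytes.fromhex("cafebabefacedbad")
J0_TC5 = bytes.fromhex("c43a83c4c4badec4354ca984db252f7d")


def known_answer_ok() -> bool:
    """True if the GHASH-based J0 derivation reproduces the spec's Y0."""
    return gcm_j0(H_TC5, IV_TC5) == J0_TC5


if __name__ == "__main__":
    print("96-bit IV J0 :", gcm_j0(H_TC5, bytes(range(12))).hex())
    print("64-bit IV J0 :", gcm_j0(H_TC5, IV_TC5).hex())
    print("matches spec test case 5:", known_answer_ok())
```

The contrast between the two branches of `gcm_j0` is the whole argument: with a 96-bit IV the counter block is the IV itself, so uniqueness of the IV carries over to uniqueness of the counter stream; with any other length the counter block is a hash output, so two different IVs colliding in J0 (and thus reusing a keystream) is only probabilistically unlikely, exactly as it would be for a randomly drawn 96-bit IV.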