[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AES cipher suites



Black_David@xxxxxxx wrote:
> 1536-bit Diffie-Hellman; 128-bit AES CBC; HMAC-SHA1; ESP.
> 2048-bit Diffie-Hellman; 128-bit AES CTR; HMAC-SHA1; ESP.

Fine...
 
> Q: Should AES suites with AES-CBC MAC + XCBC be defined as a
>         backstop against the unlikely event that a disastrous
>         attack on HMAC-SHA1 turns up?

IMHO - yes.
 
> AES-CBC MAC + XCBC is the backup MAC algorithm for IP Storage
> ("SHOULD implement" in the ips drafts).