[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AES cipher suites
> 1536-bit Diffie-Hellman; 128-bit AES CBC; HMAC-SHA1; ESP.
> 2048-bit Diffie-Hellman; 128-bit AES CTR; HMAC-SHA1; ESP.
> Q: Should AES suites with AES-CBC MAC + XCBC be defined as a
> backstop against the unlikely event that a disastrous
> attack on HMAC-SHA1 turns up?
IMHO - yes.
> AES-CBC MAC + XCBC is the backup MAC algorithm for IP Storage
> ("SHOULD implement" in the ips drafts).