next AE cipher COLM?
Robert J. Hansen
rjh at sixdemonbag.org
Thu May 17 20:16:17 CEST 2018
> And please don't mention GCM - counter based algorithms are way too
> brittle for solid cryptography. Remember the RC4 lessons.
To say nothing of the implementation difficulty. The more complex the
algorithm, the less the chance it'll be implemented correctly. As
someone who's implemented GCM a couple of times, it's not a simple mode.
It's tremendously fiddly. Complicated code leads to complicated
failure modes and testing difficulties.
More information about the Gnupg-devel