next AE cipher COLM?

Tobias Mueller muelli at cryptobitch.de
Fri May 18 15:03:39 CEST 2018


Hi,

On Fri, 2018-05-18 at 10:56 +0000, Uri Blumenthal wrote:
> which really shouldn't apply to OpenPGP or S/MIME, because each
> message should get its own unique random symmetric key
Mind you: people use OpenPGP not only for email but also for backups.

That's why two-pass schemes are not suitable, because you cannot stream
large amounts of data.  There are still one-pass schemes which make
nonce reuse less fatal than with AES-GCM.

Cheers,
  Tobi


