bucy wrote: ] ] NIST is trying to update the venerable set ] (CBC/OFB/CFB/counter) of encryption modes. Some of the new ] ones provide "authenticated encryption," i.e. the equivalent ] of encryption and MACing with one key and significantly less ] cost than encrypt-then-MAC. ] ] In light of Vaudenay's CBC padding attack, authenticated ] encryption seems prudent. Has there been any survey of the field here? Are these all acceptable from a security standpoint? Are they all useful in particular circumstances? Is there anyone who has written a paper which sorts them out and explains whats good for what? |