undefined | Better HN

0 pointstatersolid1y ago0 comments

> you absolutely have to design for cryptographic agility

Yes, but for heaven’s sake don’t design something with “cipher suite negotiation” which has been an endless source of vulnerability over the years in SSL/TLS, IPsec, PGP…

Instead one should advance the version of the entire protocol or file format when you need to upgrade the cryptography. Then you deprecate old versions as quickly as possible. WireGuard and age have no algorithm negotiation at all.

0 comments

nmadden1y ago

The best way to do cryptographic agility is to associate the algorithm with the key and negotiate keys (from a given set) only. Google’s Tink library does this very well. See https://neilmadden.blog/2018/09/30/key-driven-cryptographic-... for some more background. Version numbers are just algorithm identifiers in another form.

lifthrasiir1y ago

In the other words, you only need cryptographic evolvability, not agility.

wepple1y ago

Yeah, very very important point

j / k navigate · click thread line to collapse