9
edits
| m (→Encryption:  add sub-heading to clarify the two parts are talking about different things) | |||
| Line 25: | Line 25: | ||
| --[[User:Exp|Exp]] 06:58, 27 January 2006 (CET) | --[[User:Exp|Exp]] 06:58, 27 January 2006 (CET) | ||
| === Crypto Protocol === | |||
| The encryption specified in the protocol is poorly defined. AES is just a cipher, not a protocol; there are critical details missing, like the type of chaining being done; if its being used in stream or block mode; how replay prevention and other Mallory attacks are to be prevented; etc. Consider using an existing, well-understood crypto protocol. TLS comes to mind. [[User:Derobert|Derobert]] 02:22, 28 January 2006 (CET) | The encryption specified in the protocol is poorly defined. AES is just a cipher, not a protocol; there are critical details missing, like the type of chaining being done; if its being used in stream or block mode; how replay prevention and other Mallory attacks are to be prevented; etc. Consider using an existing, well-understood crypto protocol. TLS comes to mind. [[User:Derobert|Derobert]] 02:22, 28 January 2006 (CET) | ||
edits