On Thu, Oct 7, 2021 at 3:31 PM Ashwin Agrawal <ashwinstar@gmail.com> wrote:
> Not at all knowledgeable on security topics (bravely using terms and recommendation), can we approach decisions like
AES-XTSvs AES-GCM (which in turn decides whether we need to store nonce or not) based on which compliance it can
achieveor not. Like can using AES-XTS make it FIPS 140-2 compliant or not?
To the best of my knowledge, the encryption mode doesn't have much to
do with whether such compliance can be achieved. The encryption
algorithm could matter, but I assume everyone still thinks AES is
acceptable. (We should assume that will eventually change.) The
encryption mode is, at least as I understand, more of an internal
thing that you have to get right to avoid having people break your
encryption and write papers about how they did it.
--
Robert Haas
EDB: http://www.enterprisedb.com