RE: https://mstdn.ca/@upofadown/116228633551820031
1. On key storage: Theoretically, you are absolutely right, a strong passphrase is mathematically enough. But as you mentioned, the human factor is the bottleneck. That's why defense in depth (like keeping the key offline or on a hardware token/smartcard) is still highly recommended. It bypasses the passphrase usability issue entirely.
2. OCB is about having stronger, mathematically proven guarantees against ciphertext malleability.
-
@virebent This recently posted talk about the limits of formal proofs seems weirdly relevant:
Fiona :transbian: :autism: (@Fiona)
[I’ve now converted my lecture on OCB2 and how it is broken to a Web-Presentation and put it on my website.](https://fiona.onl/ocb_lecture.html) Note that this is the second lecture of the course and kinda builds on the assumption that you are already familiar with provable security; also note that these are slides, not lecture notes and that I used to give this lecture with a blackboard that I used with some of the more technical parts; still some of you might find it interesting. If you play the audio recording the slides will follow along automatically; I don’t have captions yet, since this is an hour long recording and creating them would take a lot of time and effort that I don’t currently have the energy for. If you don’t like it, you are welcome to submit a .vtt file though. 😉 #Cryptography
Blåhaj Zone (blahaj.zone)
Yes, I know that we are using OCB3 now...