8/a Composes its own authentication, rather than using a well-known AEAD scheme. Bad: CTR+HMAC. Good: GCM, CTR+Poly1305.
@tqbf I think an argument could be made that CTR+HMAC is better than GCM because CTR+HMAC can be done constant-time everywhere.
-
-
@BRIAN_____ It’s the separation of concerns that sets off alarms for me, not the nature of HMAC or poly macs.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.