@BRIAN_____ yes I understood. so limit choices to few good ones (e.g. EdDSA and AEADs only). leaves pretty much only AES-GCM and ChaCha/Poly
@BRIAN_____ @tqbf yes, true. also there is no nonce-misuse-resistant mode competition. GCM-SIV is ok, not exciting: https://eprint.iacr.org/2015/102.pdf
@a_z_e_t @BRIAN_____ “Not exciting” is what I like about it. It’s performant, builds upon and improves a widely used primitive.
@tqbf @BRIAN_____ maybe I just really dislike GCM. it's complicated, easy to get wrong & not a single master's student could explain it to me.
@a_z_e_t @BRIAN_____ I dislike GCM! It’s very brittle and you have to actually understand it to use it safely (@spdevlin explains it to me)
@tqbf @BRIAN_____ never liked it. if you know it, it's still easy to introduce subtle & fatal flaws. details on that later; @spdevlin, others, me