why is tls having a MAC in the finished message instead of a HASH if it's encrypted/authenticated already?
Also, I guess you don't have to worry about any kind of known plaintext attack on the finished message when its content is derived from kex.
-
-
In general such (psuedo-)randomization should make some proofs easier. YOu might check if TLS 1.3 security proofs rely on it.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.