@bascule could you eleborate why "MAC then Encrypt" is an insecure cryptographic scheme? (assuming we use a secure hash function)
@lkssnk you need a secure MAC, and if you don't check the MAC (even if decryption fails) you're vulnerable to a padding oracle attack
-
-
@bascule thanks, I didn't know that OpenSSL uses some nasty workarounds to address this problemThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.