It baffles me why we use AES-GCM, an algorithm that nobody likes or understands, or can even implement correctly. http://eprint.iacr.org/2013/157.pdf
-
-
Replying to @matthew_d_green
.
@matthew_d_green AES-CTR-then-HMAC[SHA-2-512/256] is better in almost every way than AES-GCM.4 replies 2 retweets 2 likes -
Replying to @marshray
@marshray@matthew_d_green AES-CTR-then-HMAC[SHA-3-512] ;)1 reply 0 retweets 0 likes -
Replying to @archwisp
@archwisp@matthew_d_green IMHO 512 bits is wasteful for a MAC and HMAC[SHA-3-512] isn't well defined yet.1 reply 0 retweets 0 likes -
Replying to @marshray2 replies 0 retweets 0 likes
Replying to @matthew_d_green
@matthew_d_green @marshray @archwisp NaCl has a first class API for this (HMAC-SHA512256)
5:04 PM - 26 Mar 2013
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.