@matthew_d_green @tqbf @dchest @marshray am I good to go with HMAC(nonce || ciphertext, hmac_key) ?
-
-
@bascule@matthew_d_green@tqbf@dchest Usually key is first and include the nonce length. HMAC(K_mac, nonce_length || nonce || ciphertext) -
@marshray@matthew_d_green@tqbf@dchest cool, thanks -
@bascule@matthew_d_green@tqbf@dchest But it's still busted until you ensure the pair (k, nonce) going into AES-CTR is globally unique -
@marshray@matthew_d_green@tqbf@dchest with a 256-bit HKDF-derived key unique to each message, that should be fine, right?
End of conversation
New conversation -
-
-
@matthew_d_green@tqbf@dchest@marshray awesome, thanks
End of conversation
New conversation
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.