@tqbf @matthew_d_green @dchest @marshray so I take it you think even exposing it at all is a bad idea
-
-
Replying to @bascule
@bascule@matthew_d_green@dchest@marshray I would not feel comfortable publishing a library with my own informally reviewed cryptosystem.1 reply 0 retweets 0 likes -
Replying to @tqbf
@tqbf@dchest@marshray that's why I was asking@matthew_d_green ;)3 replies 0 retweets 0 likes -
Replying to @bascule3 replies 0 retweets 0 likes
-
Replying to @matthew_d_green
@matthew_d_green@tqbf@dchest@marshray am I good to go with HMAC(nonce || ciphertext, hmac_key) ?2 replies 0 retweets 0 likes -
Replying to @bascule
@bascule@matthew_d_green@tqbf@dchest Usually key is first and include the nonce length. HMAC(K_mac, nonce_length || nonce || ciphertext)2 replies 0 retweets 0 likes -
Replying to @marshray
@marshray@matthew_d_green@tqbf@dchest cool, thanks1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@matthew_d_green@tqbf@dchest But it's still busted until you ensure the pair (k, nonce) going into AES-CTR is globally unique3 replies 0 retweets 0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.