@julianor @matthew_d_green @veorq @nikitab seems so silly if all a potential forger can do is MAC garbage. What’s the point?
@bascule @julianor @matthew_d_green @veorq the ciphertext is malleable, so you can MAC a modification thereof.
@nikitab @bascule @julianor @matthew_d_green the 2005 paper argues that it's superfluous with a suitable AKE, in 6.1: http://www.dmi.unict.it/diraimondo/web/wp-content/uploads/papers/otr.pdf …
@nikitab @bascule @julianor @matthew_d_green afaiu it doesn't even help if the encryption key is later compromised
@nikitab @bascule @julianor @matthew_d_green my gut feeling is that a (1-pass) AEAD could simplify some things, in the tweaked AK as well