"When using GCM [...], you have access to the decrypted data immediately, but don’t know if it’s valid until you get all of the ciphertext."
@Myriachan @whitequark GCM is both slow and difficult to implement in constant time without CLMUL
-
-
@bascule@whitequark Eww, yes, that'd get nasty if your situation cares about avoiding timing or caching subchannel attacks >.<Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.