"When using GCM [...], you have access to the decrypted data immediately, but don’t know if it’s valid until you get all of the ciphertext."
-
-
Replying to @bascule
@bascule@whitequark Is HMAC on each packet + counter the way to go?2 replies 0 retweets 0 likes -
Replying to @Myriachan
@Myriachan@whitequark GCM is already authenticated, so no need to HMAC. But yeah you can break up ciphertexts into chunks...1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@whitequark How expensive is F(2^n) multiplication without the very recent x86 instruction to do it? Wondering how expensive GCM is2 replies 0 retweets 0 likes
Replying to @Myriachan
@Myriachan @whitequark the Nodists were whining about that in their post (yet another reason they should WebCrypto instead)
2:21 PM - 4 Dec 2014
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.