New cryptographic “right answers”. Was going to be a tweet storm but I don’t want to lose more friends. https://gist.github.com/tqbf/be58d2d39690c3b366ad …
@tqbf Unfortunately not. AES-GCM spec includes GHASH expansion for arbitrary sized IV, but < 96-bits of input is not collision resistant.
@tqbf http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/CWC-GCM/Ferguson2.pdf … is the paper. ChaCha gets this right; implementations always force the right thing.
@colmmacc Strongly prefer Salsa/Poly1305 to GCM, both for IV and for lack of hardware GF2 mult dep.