New cryptographic “right answers”. Was going to be a tweet storm but I don’t want to lose more friends. https://gist.github.com/tqbf/be58d2d39690c3b366ad …
@tqbf http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/CWC-GCM/Ferguson2.pdf … is the paper. ChaCha gets this right; implementations always force the right thing.
@colmmacc Strongly prefer Salsa/Poly1305 to GCM, both for IV and for lack of hardware GF2 mult dep.
@tqbf +1; but if you're writing .net or Java; you can barely use AES-GCM. If you need portability, AES-CTR + HMAC is best avail. Sucks :(