Co-creator of GCM agrees it’s not great, would rather you not point that out. https://twitter.com/viega/status/886808443952271360
This is a really good point, but I think the GCM failure mode is more realistic, in that it happens routinely.
I know intellectually that whole-message repeats are an issue for SIV, but I never saw a protocol where I could abuse it, so it's not visceral to me.
You can (and should) just include a nonce in the AAD. Original papers discuss this.
SIV is awesome and a big improvement on many modes, but developers can still get it wrong! Like I said, "if you apply it wrong".