Co-creator of GCM agrees it’s not great, would rather you not point that out. https://twitter.com/viega/status/886808443952271360 …
Simple examples: would be pretty bad to encrypt passwords, or VOIP traffic, using SIV. Would break VOIP wide-open, which is interesting.
Ok that’s cool. Someone should build a model to demonstrate.
AES-SIV can still take a nonce (i.e. headers)... it doesn't make sense to use it without a nonce except for keywrap
Key-wrap can be its own SIV anti-pattern too :( E.g. wrapping flowlet keys/ids using SIV exposes system to flowlet-level TA.