Co-creator of GCM agrees it’s not great, would rather you not point that out.https://twitter.com/viega/status/886808443952271360 …
"better" is use-specific, and (so far) no mode is safe for all purposes. Developers burdened to understand at least that, and seek help.
-
-
I think I just thought up the worst use for SIV: password encryption. Reveals length and simple keyed MAC of the password.
-
From earlier in the thread: https://twitter.com/colmmacc/status/886820804490518530 … - but twitter threading sucks and doesn't show it???
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.