@hashbreaker The highest two bits of the polynomial output don't influence the authenticator either way, right?
@hashbreaker in poly1305, why not polynomial⊕AES_k(n)? same performance, more nonce reuse resistance? or is that still as easy to attack?
-
-
-
@hashbreaker would still blow up on an empty message, but otherwise, it'd probably at least raise the complexity of an attack a bit, right?
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.