|
|
|
|
|
|
by rakoo
3112 days ago
|
|
|
The Cryptographic Doom Principle (https://moxie.org/blog/the-cryptographic-doom-principle/) Long story short: writing HMAC code that works correctly is fairly easy, writing Encryption code that works correctly much harder, which means there are way more chances a bug will appear. You don't want to send wild unchecked data to that piece of code, because an attacker might be able to exploit the total lack of checks and extract some information about the plaintext, so you really want to verify it comes from a trusted party before munching it. |
|
|