|
|
|
|
|
|
by some_furry
1071 days ago
|
|
|
> This may expose a padding oracle, with all the nice attacks those things allow, depending on details of the application. Please describe the padding oracle attack against AES-CTR you're envisioning. > In short: I accept the point of your linked post, and I agree with it. But I reject the claim that a functionality mismatch is what makes integrated AEAD better than a constructed EtM. Okay, I don't think we disagree then. We're just debating semantics at this point. :) |
|
|