|
|
|
|
|
|
by some_furry
1072 days ago
|
|
|
The "arbitrary long nonce" gets hashed down (using GHASH) to 96 bits. I mean, sure, if you really want to, you can already do that with the GCM part. I would hesitate to do that to the AES-CBC-MAC part. Your proposal would then be to dedicate the first 16 bytes (128 bits) to the extension, and the rest to GCM. |
|
|