by CodesInChaos 959 days ago
> An attacker can reveal the key.

An attacker can reveal the keystream, but not the AES key. Still catastrophic.

And AES-SIV is a lot stronger than CBC with deterministic IV, since CBC reveals if two messages start with the same sequence of 16-byte blocks, while SIV only reveals if the messages are identical.

---

There is another interesting option: Create two columns, one using randomized authenticated encryption and one using an HMAC. Then you can use the HMAC column for equality lookups.
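The two-column layout described in the comment above, as an added example that is not part of the original comment. It assumes AES-256-GCM as the randomized authenticated encryption and HMAC-SHA256 for the lookup column; the function names, the keys and the in-memory array standing in for a table are all hypothetical.

```javascript
const crypto = require('node:crypto');

// Constructed demo keys. The MAC key must be independent of the encryption key.
const ENC_KEY = crypto.randomBytes(32);
const MAC_KEY = crypto.randomBytes(32);

// Lookup column: deterministic HMAC-SHA256 of the plaintext.
function lookupTag(value) {
  return crypto.createHmac('sha256', MAC_KEY).update(value, 'utf8').digest();
}

// Data column: AES-256-GCM under a fresh random 96-bit nonce, stored as nonce||authTag||ciphertext.
function encrypt(value) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', ENC_KEY, nonce);
  const body = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Throws if the stored blob was modified (the GCM tag check fails in final()).
function decrypt(blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', ENC_KEY, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}

// `table` is a plain array standing in for a database table with the two columns.
function insert(table, value) {
  const row = { enc: encrypt(value), tag: lookupTag(value) };
  table.push(row);
  return row;
}

// Equality lookup reads only the tag column; matching rows are then decrypted.
function findEqual(table, value) {
  const want = lookupTag(value);
  return table.filter((r) => crypto.timingSafeEqual(r.tag, want)).map((r) => decrypt(r.enc));
}

// Constructed sample data: two identical values and one different value.
const demoTable = [];
const first = insert(demoTable, 'alice@example.com');
const second = insert(demoTable, 'alice@example.com');
insert(demoTable, 'bob@example.com');
console.log('tags equal:', first.tag.equals(second.tag));
console.log('ciphertexts equal:', first.enc.equals(second.enc));
console.log('lookup:', findEqual(demoTable, 'alice@example.com'));
```

Because the tag is deterministic, anyone who can read that column learns which rows hold equal values, while the encrypted column differs on every insert.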