by notfed
730 days ago
The "fix" is to use a nonce misuse resistant cipher, of which AES-GCM-SIV is one. But, AES-GCM-SIV requires two passes over the data, which isn't always ideal. The goal of the CAESAR competition [1] was essentially to find alternatives. Whether that goal has been met is a bit unclear at the moment.

[1] https://competitions.cr.yp.to/caesar-submissions.html
https://en.wikipedia.org/wiki/CAESAR_Competition
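An added example (mine, not part of the thread) of the contrast the comment draws: a one-pass nonce-based stream layer hands an observer the XOR of two plaintexts as soon as a nonce repeats, whereas a synthetic-IV (SIV) construction, which must make a first pass over the whole plaintext before it can start encrypting, degrades only to revealing that two messages are identical. HMAC-SHA256 stands in for AES-CTR and POLYVAL so the code runs on the standard library alone; it shows the SIV structure, not AES-GCM-SIV's real primitives, and all keys and messages are constructed samples.

```python
import hmac
import hashlib
import os


def _frame(*parts: bytes) -> bytes:
    # Length-prefix each field so (nonce, aad, plaintext) cannot be confused by moving bytes between them.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Counter-mode keystream from a PRF; stands in for AES-CTR (the stdlib has no AES).
    blocks = [hmac.new(key, iv + c.to_bytes(4, "big"), hashlib.sha256).digest()
              for c in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # One pass: the keystream depends only on (key, nonce), like the CTR layer inside AES-GCM.
    return _xor(data, _keystream(key, nonce, len(data)))


def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    # Under a repeated nonce both messages get the same keystream, so c1 XOR c2 == p1 XOR p2.
    return _xor(ctr_encrypt(key, nonce, p1), ctr_encrypt(key, nonce, p2))


def siv_encrypt(mac_key: bytes, enc_key: bytes, nonce: bytes, aad: bytes, pt: bytes) -> bytes:
    # Pass 1 (reads the whole plaintext): synthetic IV = PRF(nonce, aad, plaintext); it doubles as the tag.
    siv = hmac.new(mac_key, _frame(nonce, aad, pt), hashlib.sha256).digest()[:16]
    # Pass 2: encrypt under that IV. A repeated nonce repeats the IV only if the entire message repeats.
    return siv + ctr_encrypt(enc_key, siv, pt)


def siv_decrypt(mac_key: bytes, enc_key: bytes, nonce: bytes, aad: bytes, ct: bytes) -> bytes:
    siv, body = ct[:16], ct[16:]
    pt = ctr_encrypt(enc_key, siv, body)
    expected = hmac.new(mac_key, _frame(nonce, aad, pt), hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(siv, expected):  # constant-time tag check before releasing plaintext
        raise ValueError("authentication failed")
    return pt


if __name__ == "__main__":
    k1, k2, n = os.urandom(32), os.urandom(32), os.urandom(12)  # constructed sample keys and nonce
    a, b = b"transfer 100 to alice", b"transfer 999 to mallory"
    print(nonce_reuse_leak(k1, n, a, b) == _xor(a, b))          # True: reuse exposes p1 XOR p2
    ca, cb = siv_encrypt(k1, k2, n, b"", a), siv_encrypt(k1, k2, n, b"", b)
    print(_xor(ca[16:], cb[16:]) == _xor(a, b))                  # False: unrelated keystreams
```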