by upofadown
730 days ago
OCB is superior to AES-GCM-SIV in every way other than nonce reuse. OCB is faster than generic GCM for any combination of hardware acceleration. OCB is also significantly better than generic GCM for nonce reuse. GCM-SIV is not perfect for nonce reuse anyway. It reveals to the attacker that two messages are identical.