Being offline does not ensure security against unverified plaintext. Imagine a c... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		pbsd on Oct 17, 2017 \| parent \| context \| favorite \| on: Miscreant: a multi-language misuse resistant encry... Being offline does not ensure security against unverified plaintext. Imagine a colossal implementation fuckup (e.g., using strncmp to verify tags, ala Nintendo), or perhaps a hardware glitch flipping the verification bit to always return true. Ideally, i.e. with a robust AE scheme, you would hope that an altered ciphertext would result in random plaintext, but in SIV this is not the case. Alas, there are no standardized robust schemes, with AEZ making it to the CAESAR final portfolio being the most likely scenario of that happening.

swordswinger12 on Oct 17, 2017 [–]

AEZ uses a non-standard AES variant in a sui generis fashion; as a result some people have called its security into question: https://eprint.iacr.org/2016/832.pdf

Point being, its inclusion in the final CAESAR portfolio is far from clear at this point.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact