
That would make AES-XGCM an immediate replacement for AES-GCM that already supports an arbitrarily long nonce.


The "arbitrary long nonce" gets hashed down (using GHASH) to 96 bits.

I mean, sure, if you really want to, you can already do that with the GCM part. I would hesitate to do that to the AES-CBC-MAC part.

Your proposal would then be to dedicate the first 16 bytes (128 bits) to the extension, and the rest to GCM.
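An added illustration of the mechanism the comments above refer to (not code from the thread or from any AES-XGCM proposal): GHASH and the pre-counter-block derivation `gcm_j0` follow NIST SP 800-38D, which is exactly how GCM already compresses an IV that is not 96 bits long. The hash subkey `H` is a constructed constant here (in real GCM it is the AES encryption of the all-zero block), so no AES implementation is needed, and `compress_nonce_96` is a hypothetical helper that applies the thread's "hash down to 96 bits" reading on top of that derivation.

```python
# Added example: compressing an arbitrary-length nonce with GHASH.
# GHASH and J0 follow NIST SP 800-38D; H below is a constructed constant
# standing in for AES_K(0^128), so the block runs without any AES code.

# Reduction polynomial x^128 + x^7 + x^2 + x + 1 in GCM's reflected bit order.
R = 0xE1000000000000000000000000000000


def gf128_mul(x: int, y: int) -> int:
    """Multiply two 128-bit field elements (SP 800-38D Algorithm 1).

    Integers are big-endian block values, so block bit x_0 (leftmost)
    is integer bit 127 and LSB_1(V) is integer bit 0.
    """
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:          # x_i, leftmost bit first
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash(h: bytes, data: bytes) -> bytes:
    """GHASH_H(data): Y_0 = 0, Y_i = (Y_{i-1} xor X_i) * H, data in 16-byte blocks."""
    if len(h) != 16 or len(data) % 16:
        raise ValueError("H must be 16 bytes and data a multiple of 16 bytes")
    hk = int.from_bytes(h, "big")
    y = 0
    for i in range(0, len(data), 16):
        y = gf128_mul(y ^ int.from_bytes(data[i:i + 16], "big"), hk)
    return y.to_bytes(16, "big")


def gcm_j0(h: bytes, iv: bytes) -> bytes:
    """Pre-counter block J0 as GCM computes it (SP 800-38D section 7.1).

    96-bit IV:  J0 = IV || 0^31 || 1
    otherwise:  J0 = GHASH_H(IV || 0^s || 0^64 || [len(IV)]_64)
    """
    if len(iv) == 12:
        return iv + b"\x00\x00\x00\x01"
    pad = (-len(iv)) % 16                              # 0^s to reach a block boundary
    lengths = (0).to_bytes(8, "big") + (len(iv) * 8).to_bytes(8, "big")
    return ghash(h, iv + b"\x00" * pad + lengths)


def compress_nonce_96(h: bytes, nonce: bytes) -> bytes:
    """Hypothetical helper: hash a long nonce down via GHASH and keep 96 bits."""
    return gcm_j0(h, nonce)[:12]


if __name__ == "__main__":
    H = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")   # constructed subkey value
    long_nonce = bytes(range(32))                          # constructed 256-bit nonce
    print("J0 (128-bit):", gcm_j0(H, long_nonce).hex())
    print("96-bit nonce:", compress_nonce_96(H, long_nonce).hex())
```

Because multiplication by a non-zero `H` is a bijection on the field, two distinct same-length nonces always map to distinct `J0` values; the truncation to 96 bits, however, is the thread's idea rather than anything in the GCM specification, and the example only shows the arithmetic, not a security argument for it.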

