pgpfan:no_new_ae
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
pgpfan:no_new_ae [2023/12/27 01:00] – [Conclusion] We have a list of example problems now b.walzer | pgpfan:no_new_ae [2024/01/06 16:33] – [Hash then encrypt is generically insecure] removed link to weak article b.walzer | ||
---|---|---|---|
Line 97: | Line 97: | ||
===OpenPGP' | ===OpenPGP' | ||
- | This is essentially the idea that hash then encrypt is inferior expressed in the language of theoretical cryptography. | + | This is essentially the idea that hash then encrypt is inferior expressed in the language of theoretical cryptography. |
+ | |||
+ | Because of that design you have to decrypt the message/ | ||
+ | |||
+ | The check here is the hash called SHA-1. As with most hashes, the time taken is not affected by the content that is being checked. It would be pretty much impossible to make the time taken depend on the content by accident. Since this is a hash, it acts to destroy the meaning of the content to prevent the hash from being reversed. So some sort of side channel leak is very unlikely. | ||
====OpenPGP does not have authenticated encryption. Everything needs authenticated encryption.==== | ====OpenPGP does not have authenticated encryption. Everything needs authenticated encryption.==== |
pgpfan/no_new_ae.txt · Last modified: 2024/01/29 13:21 by b.walzer