pgpfan:no_new_ae
Differences
This shows you the differences between two versions of the page.
pgpfan:no_new_ae [2024/01/06 16:33] – [Hash then encrypt is generically insecure] removed link to weak article b.walzer | pgpfan:no_new_ae [2024/01/06 16:41] – [Hash then encrypt is generically insecure] closer b.walzer | ||
---|---|---|---|
Line 102: | Line 102: | ||
The check here is the hash called SHA-1. As with most hashes, the time taken is not affected by the content that is being checked. It would be pretty much impossible to make the time taken depend on the content by accident. Since this is a hash, it acts to destroy the meaning of the content to prevent the hash from being reversed. So some sort of side channel leak is very unlikely. | The check here is the hash called SHA-1. As with most hashes, the time taken is not affected by the content that is being checked. It would be pretty much impossible to make the time taken depend on the content by accident. Since this is a hash, it acts to destroy the meaning of the content to prevent the hash from being reversed. So some sort of side channel leak is very unlikely. | ||
+ | |||
+ | So when someone brings up the fact that OCFB-MDC is INT-PTXT they are really saying they think that a hash operation might leak information. They would have to come up with some idea of how that might happen. | ||
====OpenPGP does not have authenticated encryption. Everything needs authenticated encryption.==== | ====OpenPGP does not have authenticated encryption. Everything needs authenticated encryption.==== |
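Review bot: The added sentence uses "OCFB-MDC" and "INT-PTXT" without expanding either term, while the preceding context paragraph speaks only of "the check" and "SHA-1", so a reader arriving at this section cannot tell from the visible text that the MDC is that SHA-1 check or what the INT-PTXT property is. Suggest expanding both on first use here, or linking to where the page defines them. The sentence also says the hash "might leak information" in general, whereas the paragraph above argues only that the time taken does not depend on content; naming the side channel meant would tie the new closer to that argument. Minor: a comma after "INT-PTXT" would make the sentence easier to parse.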
pgpfan/no_new_ae.txt · Last modified: 2024/01/29 13:21 by b.walzer