Commit
Based on the recommendations of the following paper, which describes an attack against OCB3 mode: https://eprint.iacr.org/2023/326.pdf

> In the case of OCB3, it is easy to fix the algorithm's specification
> in order to avoid the weakness and abide to the full assumptions of
> the security proof. If the description is unchanged, the requirement
> N ≥ 6 must become an absolute requirement.

Furthermore, this restricts the minimum tag size to 1 byte, up from the former 0 bytes. This is a questionable choice of minimum but reflects the wording in the RFC:

> The TAGLEN parameter specifies the length of authentication tag used
> by OCB and may be any value up to 128
Showing 2 changed files with 31 additions and 22 deletions.
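As an added illustration, written for this page and not taken from the repository this commit belongs to or from the paper, the following Python shows the RFC 7253 nonce-formatting step of OCB3 next to a parameter check that applies the commit's new lower bound of one byte on the tag. The function and constant names (`check_params`, `format_nonce`, `ktop_input`) are my own. It makes concrete why a zero-length tag is a degenerate parameter choice in this construction: the 7-bit field at the top of the formatted nonce carries `TAGLEN mod 128` (RFC 7253, section 4.2), so `TAGLEN = 0` and `TAGLEN = 128` produce the same 128-bit nonce block, and therefore the same Ktop, Stretch and Offset_0. Whether that coincidence is the weakness the paper exploits is not established here; the collision itself follows directly from the RFC's formula.

```python
# Added illustration of the RFC 7253 (OCB3) parameter limits and nonce
# formatting, written for this page; it is not code from the repository
# this commit belongs to. Names (check_params, format_nonce, ktop_input)
# are my own.

TAG_MIN_BYTES = 1     # the lower bound this commit introduces (was 0)
TAG_MAX_BYTES = 16    # 128 bits, the RFC 7253 maximum
NONCE_MAX_BYTES = 15  # RFC 7253: 1 <= bitlen(N) <= 120


def check_params(tag_len_bytes: int, nonce: bytes) -> None:
    """Reject tag and nonce lengths outside what RFC 7253 allows, with the
    tag lower bound raised to one byte as in this commit."""
    if not TAG_MIN_BYTES <= tag_len_bytes <= TAG_MAX_BYTES:
        raise ValueError(f"tag length {tag_len_bytes} bytes outside "
                         f"[{TAG_MIN_BYTES}, {TAG_MAX_BYTES}]")
    if not 1 <= len(nonce) <= NONCE_MAX_BYTES:
        raise ValueError(f"nonce length {len(nonce)} bytes outside "
                         f"[1, {NONCE_MAX_BYTES}]")


def format_nonce(tag_len_bytes: int, nonce: bytes) -> bytes:
    """RFC 7253 section 4.2, nonce-dependent values, step 1:
       Nonce = num2str(TAGLEN mod 128, 7) || zeros(120 - bitlen(N)) || 1 || N
    Returned as the 128-bit block, big-endian. The tag range check here is
    deliberately the RFC's own (0..128 bits), not the commit's, so the
    degenerate TAGLEN = 0 case can be inspected."""
    if not 0 <= tag_len_bytes <= TAG_MAX_BYTES:
        raise ValueError("tag length out of range")
    n_bits = 8 * len(nonce)
    if not 1 <= n_bits <= 120:
        raise ValueError("nonce length out of range")
    taglen_bits = 8 * tag_len_bytes
    # bits 127..121: TAGLEN mod 128; bit n_bits: the separator 1; low n_bits: N
    block = ((taglen_bits % 128) << 121) | (1 << n_bits) | int.from_bytes(nonce, "big")
    return block.to_bytes(16, "big")


def ktop_input(nonce_block: bytes) -> tuple:
    """Step 2: split the formatted nonce into the block that is enciphered to
    obtain Ktop (Nonce[1..122] || zeros(6)) and the 6-bit 'bottom' value used
    to select Offset_0 from Stretch."""
    bottom = nonce_block[15] & 0x3F
    top = nonce_block[:15] + bytes([nonce_block[15] & 0xC0])
    return top, bottom


if __name__ == "__main__":
    # Constructed sample: the 96-bit nonce used by the RFC 7253 test vectors.
    n = bytes.fromhex("BBAA99887766554433221100")
    check_params(16, n)
    print(format_nonce(16, n).hex())                # 00000001bbaa99887766554433221100
    # TAGLEN mod 128 is 0 for both a 0-byte and a 16-byte tag, so the
    # formatted nonce blocks coincide:
    print(format_nonce(0, n) == format_nonce(16, n))  # True
    try:
        check_params(0, n)
    except ValueError as exc:
        print("rejected:", exc)
```

`check_params` is what the commit's lower bound amounts to at the API boundary; `format_nonce` is left permissive on purpose so the reader can see what the rejected parameter would have produced.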