ciphers:gcm
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| ciphers:gcm [2020/05/26 00:35] – peter | ciphers:gcm [2020/07/15 09:30] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 7: | Line 7: | ||
| GCM is defined for block ciphers with a block size of 128 bits. | GCM is defined for block ciphers with a block size of 128 bits. | ||
| + | ---- | ||
| ===== Pros ===== | ===== Pros ===== | ||
| Line 21: | Line 22: | ||
| + | ---- | ||
| ===== Cons ===== | ===== Cons ===== | ||
| Line 31: | Line 33: | ||
| - The first weakness is that an n-bit tag provides only n − k bits of authentication security when messages are 2 k blocks long. | - The first weakness is that an n-bit tag provides only n − k bits of authentication security when messages are 2 k blocks long. | ||
| - | * Competing modes do not have this problem, or have it only when n = 128, in which case the practical effect is minimal. | + | * Competing modes do not have this problem, or have it only when n = 128, in which case the practical effect is minimal.\\ \\ |
| - A successful forgery immediately reveals information about the authentication key. | - A successful forgery immediately reveals information about the authentication key. | ||
| * This weakness exacerbates the consequences of the first one, and leads to a complete loss of authentication security. | * This weakness exacerbates the consequences of the first one, and leads to a complete loss of authentication security. | ||
ciphers/gcm.1590453321.txt.gz · Last modified: 2020/07/15 09:30 (external edit)