ciphers:gcm
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| ciphers:gcm [2020/05/26 00:36] – peter | ciphers:gcm [2020/07/15 09:30] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 33: | Line 33: | ||
| - The first weakness is that an n-bit tag provides only n − k bits of authentication security when messages are 2 k blocks long. | - The first weakness is that an n-bit tag provides only n − k bits of authentication security when messages are 2 k blocks long. | ||
| - | * Competing modes do not have this problem, or have it only when n = 128, in which case the practical effect is minimal. | + | * Competing modes do not have this problem, or have it only when n = 128, in which case the practical effect is minimal.\\ \\ |
| - | + | ||
| - A successful forgery immediately reveals information about the authentication key. | - A successful forgery immediately reveals information about the authentication key. | ||
| * This weakness exacerbates the consequences of the first one, and leads to a complete loss of authentication security. | * This weakness exacerbates the consequences of the first one, and leads to a complete loss of authentication security. | ||
ciphers/gcm.1590453375.txt.gz · Last modified: 2020/07/15 09:30 (external edit)