On Wed, 2017-10-18 at 09:33 +0300, Nazar Mokrynskyi wrote:
> Message will still reach receiver (not dropped early), but from > corrupted message it should not be possible to recover any structure > that will allow to confirm tagging attack, it should look like > rubbish. There is still a 1 bit tagging attack where corrupting the message is the tag, so one can send 1 bit per frame this way in an onion router. All I know is that Tor plants to use a wide-block cipher eventually, but they did not prioritize it highly enough to use AEZ now, and instead opted to wait until HHFHFH materializes to compare. Jeff
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Messaging mailing list Messaging@moderncrypto.org https://moderncrypto.org/mailman/listinfo/messaging
