On 9/03/2014, at 10:50 pm, Tim Whittington <jdk-security-...@whittington.net.nz> wrote:
>
> On 7/03/2014, at 9:14 am, Philipp Heckel <philipp.hec...@gmail.com> wrote:
>
>> - Using javax.crypto.CipherInputStream with a cipher in GCM mode and the
>> SunJCE provider (JDK8+) is secure, but cannot be used for large files, because
>> it will buffer all data until the tag is verified (as defined by the GCM
>> spec) [1]
>
> This (the part about it being secure) is not correct - when using
> javax.crypto.CipherInputStream with a cipher in GCM mode and the SunJCE
> provider (JDK8+) any tampering with the ciphertext will silently treat the
> result as a 0 byte authenticated stream.
>

Sorry, I should have been clearer here - this problem occurs with any provider (and any AE mode) not just the SunJCE GCM implementation.

tim
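
A self-check for the behaviour discussed in this thread, added here as an example and not part of the original messages: it flips one bit of an AES/GCM ciphertext, then reports how `Cipher.doFinal()` and `CipherInputStream` each handle it on the running JDK. The class name, key, IV and plaintext are constructed for the illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class GcmStreamTamperCheck {   // hypothetical class name
    static Cipher decryptCipher(SecretKey key, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        return c;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);

        // Constructed sample: encrypt, then flip one ciphertext bit.
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("constructed sample plaintext".getBytes(StandardCharsets.UTF_8));
        ct[0] ^= 0x01;

        // Reference behaviour: one-shot decryption rejects the bad tag.
        try {
            decryptCipher(key, iv).doFinal(ct);
            System.out.println("doFinal: no exception (unexpected)");
        } catch (AEADBadTagException e) {
            System.out.println("doFinal: AEADBadTagException, tampering detected");
        }

        // Behaviour under test: does the stream wrapper surface the failure?
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (InputStream in = new CipherInputStream(new ByteArrayInputStream(ct), decryptCipher(key, iv))) {
            byte[] buf = new byte[4096];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
            System.out.println("CipherInputStream: clean EOF after " + out.size() + " bytes, tag failure not surfaced");
        } catch (IOException e) {
            System.out.println("CipherInputStream: IOException, tag failure surfaced: " + e.getCause());
        }
    }
}
```

A clean EOF with 0 bytes on the second check is the silent failure described above; callers on such a runtime need an integrity check that does not depend on the stream throwing.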