amadvance | 2 years ago

That would make AES-XGCM an immediate replacement of AES-GCM that already supports an arbitrary long nonce.

some_furry | 2 years ago

The "arbitrary long nonce" gets hashed down (using GHASH) to 96 bits.

I mean, sure, if you really want to, you can already do that with the GCM part. I would hesitate to do that to the AES-CBC-MAC part.

Your proposal would then be to dedicate the first 16 bytes (128 bits) to the extension, and the rest to GCM.