Re: XTS cipher mode for cluster file encryption

Sun, 17 Oct 2021 19:20:22 -0700

Just a mention. the HMAC (or AE/AD) can be disabled in AES-GCM. HMAC in AES-GCM is an encrypt-then-hash MAC.
CRC-32 is not a crypto-safe hash (technically CRC-32 is not a hash function). Cryptographers may unhappy with CRC-32. 


I think CRC or SHA is not such important. If IV can be stored, I believe 
there should have enough space to store HMAC.


On 2021/10/18 05:23, Tomas Vondra wrote:



I've argued for storing the nonce, but I don't quite see why would we 
need integrity guarantees?



Attachment:
OpenPGP_0x4E72AF09097DAE2E.asc

Description: OpenPGP public key



Attachment:
OpenPGP_signature

Description: OpenPGP digital signature






















					Reply via email to