On Wed, 24 Dec 2025 00:40:05 GMT, Artur Barashev <[email protected]> wrote:

> 12 bytes is the recommended size for GCM per NIST SP 800-38D:
> 
> For IVs, it is recommended that implementations restrict support to the 
> length of 96 bits, to
> promote interoperability, efficiency, and simplicity of design.
> 
> Larger IV size requires an extra hashing step (GHASH). Currently we have it 
> set to 16 bytes.

Hm, if there are no test changes needed, we might need to add some. Should we 
dynamically accept 12-16 byte IVs? Not sure why the mail talked about 96 bits 
for the MAC as well, but I think even NIST prefers 128 (in fact that's a major 
weakness going forward that it's limited to the block size).

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28971#issuecomment-3688471422
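The IV-length difference the quoted text describes, as an added example that is not code from this thread or from the JDK: it builds GCM's pre-counter block J0 both ways (a 96-bit IV used directly, any other length run through GHASH with its bit length appended, per SP 800-38D section 7.1) and checks the result against Go's crypto/cipher, which accepts a 16-byte nonce through NewGCMWithNonceSize and truncates shorter tags through NewGCMWithTagSize. Go is used rather than Java so the comparison runs stand-alone against a library GCM; the key, IVs, AAD and message are constructed values, and gfMul, ghash, deriveJ0, inc32, gctr, gcmSeal and matchesStdlib are names chosen here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
)

// Constructed inputs for a deterministic run; they are not from the thread or from the JDK.
var key = []byte("0123456789abcdef0123456789abcdef") // 32 bytes, so AES-256
var iv12 = []byte("unique-nonce")                    // 96-bit IV, the SP 800-38D recommendation
var iv16 = []byte("sixteen-byte-iv!")                // 128-bit IV, takes the GHASH path
var aad = []byte("record header")
var msg = []byte("the IV length decides how the pre-counter block J0 is built")
var blk, _ = aes.NewCipher(key) // cannot fail for a fixed 32-byte key

// gfMul multiplies two blocks in GF(2^128) per SP 800-38D Algorithm 1 (bit 0 is the leftmost bit).
func gfMul(x, y [16]byte) [16]byte {
	z, v := [16]byte{}, y
	for i := 0; i < 128; i++ {
		if x[i/8]&(0x80>>uint(i%8)) != 0 {
			subtle.XORBytes(z[:], z[:], v[:])
		}
		r := byte(0xe1) * (v[15] & 1) // first byte of R = 11100001 || 0^120 if LSB(V) is set
		for j := 15; j > 0; j-- {     // V = V >> 1
			v[j] = v[j]>>1 | v[j-1]<<7
		}
		v[0] = (v[0] >> 1) ^ r
	}
	return z
}
// ghash is GHASH_H over the concatenation of parts, each zero-padded to a 16-byte boundary.
func ghash(h [16]byte, parts ...[]byte) [16]byte {
	var y [16]byte
	for _, p := range parts {
		for i := 0; i < len(p); i += 16 {
			subtle.XORBytes(y[:], y[:], p[i:]) // XORs at most 16 bytes, so a short tail is zero-padded
			y = gfMul(y, h)
		}
	}
	return y
}
// deriveJ0 follows SP 800-38D section 7.1: a 96-bit IV becomes IV || 0^31 || 1 directly; any other
// length is GHASHed together with its bit length, which is the extra hashing step the thread mentions.
func deriveJ0(h [16]byte, iv []byte) (j0 [16]byte, hashed bool) {
	if len(iv) == 12 {
		copy(j0[:], iv)
		j0[15] = 1
		return j0, false
	}
	var lenBlock [16]byte // 0^64 || [len(IV)]_64
	binary.BigEndian.PutUint64(lenBlock[8:], uint64(len(iv))*8)
	return ghash(h, iv, lenBlock[:]), true
}
// inc32 increments only the rightmost 32 bits of a counter block (GCM's inc function).
func inc32(b [16]byte) [16]byte {
	binary.BigEndian.PutUint32(b[12:], binary.BigEndian.Uint32(b[12:])+1)
	return b
}
// gctr is GCTR_K(cb, x): a CTR keystream starting at cb with inc32 between blocks, XORed into x.
func gctr(cb [16]byte, x []byte) []byte {
	out := make([]byte, len(x))
	for i := 0; i < len(x); i += 16 {
		var ks [16]byte
		blk.Encrypt(ks[:], cb[:])
		subtle.XORBytes(out[i:], x[i:], ks[:])
		cb = inc32(cb)
	}
	return out
}

// gcmSeal is GCM-AE written from the spec with a full 128-bit tag so that the J0 path is visible.
// It is a reference for comparison only, not code to deploy.
func gcmSeal(iv, aad, pt []byte) (ct, tag []byte, hashed bool) {
	var h, j0, lens [16]byte
	blk.Encrypt(h[:], h[:]) // H = E_K(0^128)
	j0, hashed = deriveJ0(h, iv)
	ct = gctr(inc32(j0), pt)
	binary.BigEndian.PutUint64(lens[:8], uint64(len(aad))*8)
	binary.BigEndian.PutUint64(lens[8:], uint64(len(ct))*8)
	s := ghash(h, aad, ct, lens[:]) // S = GHASH_H(A || pad || C || pad || [len(A)]_64 || [len(C)]_64)
	return ct, gctr(j0, s[:]), hashed // T = GCTR_K(J0, S) = E_K(J0) XOR S
}

// matchesStdlib encrypts with crypto/cipher's GCM at the given nonce and tag size and reports whether
// that equals the reference output (tag cut to tagSize, i.e. MSB_t) and whether the IV was GHASHed.
// The standard library pairs tags shorter than 16 bytes only with a 12-byte nonce.
func matchesStdlib(iv []byte, tagSize int) (bool, bool, error) {
	g, err := cipher.NewGCMWithNonceSize(blk, len(iv))
	if tagSize != 16 {
		g, err = cipher.NewGCMWithTagSize(blk, tagSize)
	}
	if err != nil {
		return false, false, err
	}
	ct, tag, hashed := gcmSeal(iv, aad, msg)
	return bytes.Equal(g.Seal(nil, iv, msg, aad), append(ct, tag[:tagSize]...)), hashed, nil
}
```

matchesStdlib(iv12, 16) and matchesStdlib(iv16, 16) both report a match with the library, and only the second reports that the IV went through GHASH: the 16-byte IV costs two extra field multiplications before any data is processed, while the 12-byte IV is copied straight into the counter block. matchesStdlib(iv12, 12) shows that a 96-bit tag is simply the first 12 bytes of the 128-bit one, so a shorter tag saves nothing in computation and only lowers forgery resistance. gcmSeal exists to make the spec steps visible and is not meant for use.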
