Werner Koch <wk(_at_)gnupg(_dot_)org> writes:
On Mon, 28 Mar 2022 15:10, Justus Winter said:
I don't think the attack was designed by Lara, AIUI she dug it up.
She is the author of the yet unpublished paper.
But the notes talk about a different paper that describes how to
downgrade a GCM cipher stream to CBC thereby stripping the
authentication and making it malleable again:
https://www.ndss-symposium.org/wp-content/uploads/2017/09/10_4_0.pdf
Justus
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp