CipherInputStream for AEAD modes is insecure (GCM, etc.): ciphertext tampering without detection possible

Matthew Hall mhall at mhcomputing.net
Tue Mar 4 01:37:26 UTC 2014


On Mon, Mar 03, 2014 at 05:17:04PM -0800, Valerie (Yu-Ching) Peng wrote:
> *Moreover, this class catches all exceptions that are not thrown by
> its ancestor classes.*

Then it should be able to throw an AEAD exception wrapped in an IOException, 
should it not?

Matthew.
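The behaviour asked for above, as an added example that is not part of the original thread or of the JDK: a GCM tag failure is surfaced to the caller as an `IOException` whose cause is the `AEADBadTagException`. The class name, the helper `readAuthenticated` and the sample message are hypothetical, and the helper buffers the whole ciphertext so that no plaintext is returned before the tag has been verified.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;

public class GcmStreamCheck {
    // Hypothetical helper: reads the whole ciphertext, then authenticates and decrypts it.
    static byte[] readAuthenticated(InputStream in, SecretKey key, byte[] iv) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        for (int n; (n = in.read(chunk)) != -1; ) buf.write(chunk, 0, n);
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
            return c.doFinal(buf.toByteArray());
        } catch (AEADBadTagException e) {
            // Tag mismatch reaches the caller as an IOException instead of being swallowed.
            throw new IOException("ciphertext failed authentication", e);
        } catch (GeneralSecurityException e) {
            throw new IOException("decryption failed", e);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);

        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("constructed sample message".getBytes("UTF-8"));
        System.out.println(new String(readAuthenticated(new ByteArrayInputStream(ct), key, iv), "UTF-8"));

        ct[0] ^= 0x01; // constructed corruption of one ciphertext bit
        try {
            readAuthenticated(new ByteArrayInputStream(ct), key, iv);
            System.out.println("corruption NOT detected");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getCause().getClass().getSimpleName());
        }
    }
}
```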



More information about the security-dev mailing list