Changes between Initial Version and Version 1 of Ticket #2100, comment 9


Ignore:
Timestamp:
2015-12-14T22:21:14Z (9 years ago)
Author:
daira
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #2100, comment 9

    initial v1  
    33> If we are going to encrypt the private aliases file shouldn't we also use a message authenticating code, perhaps an HMAC?
    44
    5 Yes, we should use authenticated encryption. Encrypt-then-HMAC is fine for that.
     5Yes, we should use authenticated encryption. Encrypt-then-HMAC (e.g. AES-CTR then HMAC) is fine for that.