mirror/zig
1
0
Fork 0
mirror of https://github.com/ziglang/zig.git synced 2026-01-21 06:45:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Be more conservative in the description of Aegis256Mac (#16452)

Browse Source 
It is assumed that generating a collision requires more than 2^156
ciphertext modifications. This is plenty enough for any practical
purposes, but it hasn't been proven to be >= 2^256.

Be consistent and conservative here; just claim the same security
as the other variants.
This commit is contained in:
Frank Denis 2023-07-20 01:59:24 +02:00 committed by GitHub
parent cec1e973b6
commit 32aeb2c2ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/std/crypto/aegis.zig
View File

@ -411,7 +411,7 @@ pub const Aegis128LMac = AegisMac(Aegis128L_256);
/// concern, the AEGIS-128L variant should be preferred.
/// AEGIS' large state, non-linearity and non-invertibility provides the
/// following properties:
/// - 256 bit security against forgery.
/// - More than 128 bit security against forgery.
/// - Recovering the secret key from the state would require ~2^256 attempts,
/// which is infeasible for any practical adversary.
/// - It has a large security margin against internal collisions.