1) If you want to prevent tampering, use a MAC, not a cipher. My
recommendation is HMAC-SHA-2. Be sure to use a constant-time equality check
while verifying the MAC.
2) If you want to encrypt something symmetrically, use authenticated
encryption. Either with a specialized mode, like AES-GCM or
On 21 July 2013 22:40, Ben Lincoln f70c9...@beneaththewaves.net wrote:
Maybe I am misunderstanding (and I apologize if so), but I don't think
authenticated encryption will address the main problem I'm trying to solve.
Preventing tampering is important (and I think some of what I suggested has