I dunno why you say it isn't useful. It is inherently plaintext, but still worth... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dadrian 9 months ago \| parent \| context \| favorite \| on: What the heck is AEAD again? I dunno why you say it isn't useful. It is inherently plaintext, but still worth authenticating. If you just used an AEAD but didn't put e.g. the session identifier or connection ID or sequence number in the AD, it would be entirely unauthenticated, but the decryption of, say, the message body would still succeed.

tptacek 9 months ago [–]

I'm not saying it isn't useful, I'm saying it's not a useful example for getting people to understand the concept. Everyone runs aground on "but you need the decryption key to authenticate the plaintext anyways".

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact