next AE cipher COLM?

Tobias Mueller muelli at
Fri May 18 16:36:58 CEST 2018


On Fri, 2018-05-18 at 10:12 +0200, Werner Koch wrote:
> OCB is a clean and simple design which does not leak the plaintest on
> accidental IV reuse.
It may not leak the actual plaintext right away but it degenerates to
ECB which some people consider to be equally bad.


More information about the Gnupg-devel mailing list