wanderer/ BLAKE3
1
0
Fork 0
mirror of https://github.com/BLAKE3-team/BLAKE3 synced 2024-05-05 03:36:12 +02:00
Code Issues Releases Activity

correct the security notes for the C API

This commit is contained in:
Jack O'Connor 2022-03-03 12:06:14 -05:00
parent d295410aad
commit 3e67a8f45b
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
c/README.md
View File

@ -197,8 +197,7 @@ bits of collision resistance, for any N up to 256. Longer outputs don't provide
security.
Avoid relying on the secrecy of the output offset, that is, the number of output bytes read or
the arguments to [`seek`](struct.OutputReader.html#method.seek) or
[`set_position`](struct.OutputReader.html#method.set_position). [_Block-Cipher-Based Tree
the `seek` argument of `blake3_hasher_finalize_seek`. [_Block-Cipher-Based Tree
Hashing_ by Aldo Gunsing](https://eprint.iacr.org/2022/283) shows that an attacker who knows
both the message and the key can easily determine the offset of an extended output. For
comparison, AES-CTR has a similar property: if you know the key, you can decrypt a block from