mirror of
https://github.com/BLAKE3-team/BLAKE3
synced 2024-05-18 16:26:07 +02:00
correct the security notes for the C API
parent d295410aad
commit 3e67a8f45b
@@ -197,8 +197,7 @@ bits of collision resistance, for any N up to 256. Longer outputs don't provide
 security.
 
 Avoid relying on the secrecy of the output offset, that is, the number of output bytes read or
-the arguments to [`seek`](struct.OutputReader.html#method.seek) or
-[`set_position`](struct.OutputReader.html#method.set_position). [_Block-Cipher-Based Tree
+the `seek` argument of `blake3_hasher_finalize_seek`. [_Block-Cipher-Based Tree
 Hashing_ by Aldo Gunsing](https://eprint.iacr.org/2022/283) shows that an attacker who knows
 both the message and the key can easily determine the offset of an extended output. For
 comparison, AES-CTR has a similar property: if you know the key, you can decrypt a block from
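Review bot: the two removed lines pointed at Rust docs.rs anchors (`struct.OutputReader.html#method.seek` and `#method.set_position`) that cannot resolve from the C README, so naming the C function `blake3_hasher_finalize_seek` in their place is the right correction; one style point is that the Rust text gave readers a link to the method, while the new line only puts the function name in backticks, so consider linking `blake3_hasher_finalize_seek` to its own entry in this README so the reader can jump straight to the signature of the `seek` parameter being discussed. The hunk header going from 8 to 7 lines is consistent with the two link lines collapsing into one, and the surrounding paragraph (the Gunsing reference and the AES-CTR comparison) is unchanged context.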